REST implementation of Django authentication system.

Overview

djoser


REST implementation of the Django authentication system. The djoser library provides a set of Django REST Framework views to handle basic actions such as registration, login, logout, password reset and account activation. It works with a custom user model.

Instead of reusing Django code (e.g. PasswordResetForm), we reimplemented a few things to fit better into a Single Page App architecture.

Developed by SUNSCRAPERS with passion & patience.


Requirements

To be able to run djoser you have to meet the following requirements:

  • Python (3.6, 3.7, 3.8, 3.9)
  • Django (2.2, 3.1)
  • Django REST Framework 3.11.1

If you need to support other versions, please use djoser<2.

Installation

Simply install using pip:

$ pip install djoser

Then continue with the steps described in the configuration guide.

Documentation

Documentation is available at https://djoser.readthedocs.io and in the docs directory.

Contributing and development

To start developing on djoser, clone the repository:

$ git clone git@github.com:sunscrapers/djoser.git

We use poetry as a dependency management and packaging tool.

$ cd djoser
$ poetry install -E test

This will create a virtualenv with all development dependencies.

To run the tests, just type:

$ poetry run py.test testproject

We also prepared a convenient Makefile to automate the commands above:

$ make init
$ make test

To activate the virtual environment, run:

$ poetry shell

Without poetry

New versions of pip can use pyproject.toml to build the package and install its dependencies.

$ pip install .[test]
$ cd testproject
$ ./manage.py test

Tox

If you need to run tests against all supported Python and Django versions then invoke:

$ poetry run tox -p all

Example project

You can also play with the test project by running the following commands:

$ make migrate
$ make runserver

Committing your code

Before sending patches please make sure you have pre-commit activated in your local git repository:

$ pre-commit install

This will ensure that your code is cleaned before you commit it. Some steps (like black) automatically fix issues but then show their status as FAILED. Just inspect whether everything is OK, git-add the files and retry the commit. Other tools (like flake8) require you to manually fix the issues.

Similar projects

List of projects related to Django, REST and authentication:

Please keep in mind that when using custom authentication together with TokenCreateSerializer validation, there is a path that ignores an intentional return of None from authenticate() and tries to find the User using the supplied parameters. This will probably be changed in the future.
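
The consequence of that path, shown as a stand-alone model added here (it is not djoser's code and needs no Django): a custom backend that deliberately returns None for a locked account is overridden by the fallback lookup. All names (USERS, the locked flag, validate_with_fallback, validate_strict) are hypothetical, and the password check inside the fallback is an assumption about how the lookup path behaves.

```python
import hashlib
import hmac
from dataclasses import dataclass


def _hash(raw):
    # Toy hash for this demo only; Django itself uses salted password hashers.
    return hashlib.sha256(raw.encode()).hexdigest()


@dataclass
class User:
    username: str
    password_hash: str
    is_active: bool = True
    locked: bool = False  # hypothetical policy flag enforced by the custom backend

    def check_password(self, raw):
        return hmac.compare_digest(self.password_hash, _hash(raw))


# Constructed sample user store.
USERS = {
    "alice": User("alice", _hash("correct horse")),
    "bob": User("bob", _hash("hunter2"), locked=True),
}


class InvalidCredentials(Exception):
    pass


def authenticate(username, password):
    """Custom backend: None means bad credentials OR an intentional policy deny."""
    user = USERS.get(username)
    if user is None or not user.check_password(password):
        return None
    if user.locked:
        return None  # intentional deny: credentials are right, access is not allowed
    return user


def validate_with_fallback(username, password):
    """Models the path from the note: None from authenticate() triggers a lookup."""
    user = authenticate(username, password)
    if user is None:
        user = USERS.get(username)  # lookup by the login parameter
        if user is not None and not user.check_password(password):
            raise InvalidCredentials
    if user is not None and user.is_active:
        return user  # the backend's deny decision has been discarded
    raise InvalidCredentials


def validate_strict(username, password):
    """Hardened variant: the backend's None is final, no second lookup."""
    user = authenticate(username, password)
    if user is None or not user.is_active:
        raise InvalidCredentials
    return user


def outcome(validator, username, password):
    """Return the authenticated username, or None when validation fails."""
    try:
        return validator(username, password).username
    except InvalidCredentials:
        return None
```

In a real project the strict behaviour would live in a serializer subclass wired in through djoser's SERIALIZERS setting; until then, any deny rule kept only in authenticate() should be mirrored in is_active or checked again before a token is issued.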

Comments
  • Kn/settings rewrite

    I saw a few problems with how we handle settings in Djoser. And decided to try to solve some of them.

    • settings.get("SEND_ACTIVATION_EMAIL") is a cumbersome interface and it is used a lot across the code. We should look for a clearer and simpler way. That's why I decided to use config.SEND_ACTIVATION_EMAIL, somewhat resembling how Django does it.
    • merge_settings_dicts was invoked every time a setting value is looked up. This is not optimal. Additionally, djoser settings aren't so complex, so why use this recursive function? I removed it and replaced it with a simple approach: instantiate default djoser settings and override anything that the user customized in django settings.

    There is some work to do but I want to show this idea for consideration.

    opened by KaczuH 15
  • state of session authentication in djoser

    As a DRF newbie, using djoser, but also wanting to use session auth, as my application is only browser based, I wonder why session auth is not supported by djoser, as seen here: https://djoser.readthedocs.io/en/latest/getting_started.html#supported-authentication-backends

    Then according to #320, I found the CREATE_SESSION_ON_LOGIN setting, that seems undocumented? I would gently help to improve docs, but I am wondering what exactly the current state with session auth is?

    opened by benzkji 14
  • Add support for Drf 3.5

    This PR essentially renames View.action into View._action because View.action is a reserved attribute of DRF.

    https://github.com/tomchristie/django-rest-framework/blob/master/rest_framework/request.py#L56

    This change is potentially backward incompatible, as such, a changelog entry should explain the steps and/or published with a major version bump (at the appreciation of the maintainers).

    fixes #171

    opened by ticosax 14
  • Allow email to be used for auth

    This provides the option of using email instead of username for auth. It works nicely with auth packages such as django-allauth, which provides an email authentication backend.

    opened by mcastle 13
  • permission_denied() got an unexpected keyword argument 'code'

    Error while calling /users/me/ endpoint with no/wrong auth.

    Code in question: https://github.com/sunscrapers/djoser/blob/35e5a5e75127d7270ab8f7bb13c4f7d0c0ec5a7b/djoser/views.py#L52
    Code that calls it (from django-rest-framework): https://github.com/encode/django-rest-framework/blob/be87eb43b348f1f079de81329218b79814b97173/rest_framework/views.py#L333
    Change that added the code parameter: https://github.com/encode/django-rest-framework/pull/7306

    The only other issue I found about this was self closed: #538

    Full trace:

    Internal Server Error: /auth/users/me/
    Traceback (most recent call last):
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\django\core\handlers\exception.py", line 47, in inner
        response = get_response(request)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\django\core\handlers\base.py", line 179, in _get_response
        response = wrapped_callback(request, *callback_args, **callback_kwargs)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\django\views\decorators\csrf.py", line 54, in wrapped_view
        return view_func(*args, **kwargs)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\rest_framework\viewsets.py", line 125, in view
        return self.dispatch(request, *args, **kwargs)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\rest_framework\views.py", line 509, in dispatch
        response = self.handle_exception(exc)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\rest_framework\views.py", line 469, in handle_exception
        self.raise_uncaught_exception(exc)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\rest_framework\views.py", line 480, in raise_uncaught_exception
        raise exc
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\rest_framework\views.py", line 497, in dispatch
        self.initial(request, *args, **kwargs)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\rest_framework\views.py", line 415, in initial
        self.check_permissions(request)
      File "C:\Users\Bor\AppData\Local\Programs\Python\Python38\lib\site-packages\rest_framework\views.py", line 333, in check_permissions
        self.permission_denied(
    TypeError: permission_denied() got an unexpected keyword argument 'code'
    
    opened by zumoshi 12
  • [RFC] Rename the repository

    Hi, in this kinda RFC issue I'd like to propose a repository name change. There are quite a few reasons to do so:

    1. People have a hard time searching and finding our project, because the name is kinda out of this world (https://en.wikipedia.org/wiki/Djoser)
    2. The name is short, however it might not be the easiest one to remember.
    3. SEO is almost non-existent and it would take a great effort to improve it.
    4. For some time it was not being actively maintained and it might have brought a bad reputation.

    At the moment I do not have a proposition for a new name. First thing I'd like to do is to find out what everyone is thinking about the idea.

    opened by pszpetkowski 12
  • AttributeError at /auth/register

    AttributeError at /auth/register
    'UserRegistrationSerializer' object has no attribute 'init_data'
    

    I was trying to create a new user by issuing a POST request to /auth/register. Exception location is at djoser/djoser/serializers.py in save, line 34

    Here are my package versions -

    Django==1.7.1
    djangorestframework==3.0.0
    djoser==0.1.0
    

    Can you tell me why this is happening?

    bug 
    opened by ansal 12
  • Unauthorized: /auth/jwt/create/

    I install Djoser with JWT. I am able to activate the user with the Postman. When I send a POST request to this url: /auth/jwt/create/ I get this message from postman: "detail": "No active account found with the given credentials".

    opened by epetrov1 11
  • Update user only sends email confirmation if email field was updated

    I was running into a similar (or same) issue as described here https://github.com/sunscrapers/djoser/issues/546. I had SEND_ACTIVATION_EMAIL=True and was updating a user's information that wasn't the email (i.e. first_name, last_name, etc). This resulted in sending an activation email, which doesn't really make sense since the email isn't being updated.

    • Update user only sends email confirmation if email field was updated
      • Updating fields other than the email result in NOT sending an activation email
    • Keeps functionality of SEND_ACTIVATION_EMAIL
    • All tests passed
    opened by nicknickel 10
  • Sanitization for username + tests. Closes #146

    Didn't work out sanitization for dictionary, because LoginSerializer doesn't provide dictionary. Could go around, but decided to create sanitization for string argument. Included sanitization in 3 classes: UserRegistrationSerializer, LoginSerializer and SetUsernameSerializer. Created 3 tests for each use case - similar to primary tests. Created list of 2 test sanitizers: uppercase and trim3, to check if works for list of sanitizers.

    opened by ppeczek 10
  • Enhance error message for not activated user

    Hi. Thanks for the djoser. I like it as it makes life easier unlike other packages.

    There is one thing I have come across. I'd suggest to change a feedback message for a non-active user who tries to obtain jwt, because now it returns the following:

    {
        "non_field_errors": [
            "Unable to log in with provided credentials."
        ]
    }
    

    How can I detect if user tried wrong credentials or user has not just activated his account yet?

    opened by igsm 9
  • Is it possible to add expiration time to tokens of email activation?

    Who needs this change would need to overwrite some structure like view or serialize? Or can we add through some parameter?

    REF: https://stackoverflow.com/questions/71628282/add-expire-time-for-validation-and-verification-in-djoser

    opened by albjoaov 1
  • update permissions

    CurrentUserOrAdminOrReadOnly class was inherited from permissions.IsAuthenticated and didn't provide access to the list for an unauthenticated user. Method "has permission" particularly restricts this request from an unauthenticated user. (I would like to suggest inheriting CurrentUserOrAdminOrReadOnly from IsAuthenticatedOrReadOnly.) BR Maxim

    opened by Maxim-Zima 0
  • Update settings - permissions

    It was written 'rest_framework.permissions.CurrentUserOrAdmin'. I suppose it is 'djoser.permissions.CurrentUserOrAdmin', because it is a special permission and there is no such one in rest_framework. BR Maxim

    opened by Maxim-Zima 0
  • Bump certifi from 2021.10.8 to 2022.12.7

    Bumps certifi from 2021.10.8 to 2022.12.7.

    dependencies 
    opened by dependabot[bot] 0
  • Fix duplicate signals in login_user and logout_user functions.

    When the setting "CREATE_SESSION_ON_LOGIN" is on, the signal "user_logged_in" is being sent in duplicate, because the function login (called on line 19) already sends this signal (/django/contrib/auth/__init__.py line 125).

    We have the same situation for logout: the function logout (called on line 29) already sends the user_logged_out signal.

    opened by wcipriano 0
Releases(1.1.5)
  • 1.1.5(Dec 8, 2017)

    Bugfix release. List of changes:

    • Add Steam config to testproject
    • Add python egg data to .gitignore
    • Update social auth serializer to use GET parameters instead of JSON data
    • Update python-social-auth integration tests to use GET parameters
    • Update social auth credentials in testproject to use environment variables by default
  • 1.1.4(Dec 8, 2017)

  • 1.1.3(Dec 8, 2017)

  • 1.1.2(Dec 8, 2017)

  • 1.1.1(Nov 5, 2017)

  • 1.1.0(Nov 5, 2017)

    In this major release a primary goal was to introduce a basic integration with third party based authentication. List of changes:

    • Add third party based authentication support
    • Add JWT token strategy for new authentication method
    • Add EMAIL setting to allow simpler email customization.
    • Add SOCIAL_AUTH_TOKEN_STRATEGY and SOCIAL_AUTH_ALLOWED_REDIRECT_URIS settings along new authentication method
    • Add documentation about new authentication method
    • Update documentation index into captioned sections for better readability
  • 1.0.1(Oct 19, 2017)

  • 1.0.0(Oct 14, 2017)

    In this major release we have focused on stabilization effort with JWT support. List of changes:

    • Add JWT authentication support
    • Add/Update documentation about JWT
    • Add/Update/Fix tests where necessary
    • Add support for Django REST Framework 3.7
    • Drop support for Django REST Framework 3.6
    • Replace built-in email support with django-templated-mail
    • Refactor test configuration for better performance and organization
    • Refactor RootView to have better support for modular URLs
    • Update URLs to be slightly more RESTful.
    • Update codebase with small syntax/formatting fixes
    • Update README/documentation to reflect on codebase changes
    • Move DOMAIN and SITE_NAME settings to django-templated-mail
    • Remove USE_HTML_EMAIL_TEMPLATES and ROOT_VIEW_URLS_MAPPING settings
  • 0.7.0(Sep 1, 2017)

    This backward incompatible release provides large amount of changes with new settings implementation, new features, integration of new developer tools and many refactors. List of all changes:

    • Add TOKEN_MODEL setting to allow third party apps to specify a custom token model
    • Add USER_EMAIL_FIELD_NAME setting as a compatibility solution in Django < 1.11
    • Add support for Django Password Validators
    • Add HTML templates for djoser emails
    • Add flake8 integration to CI
    • Add py.test integration
    • Add Python 3.7 to CI
    • Update from coveralls to codecov
    • Update README to rST with uniform badges
    • Update djoser.views.PasswordResetView to allow non-database User.is_active
    • Update docs on topics which have been added/modified since last release
    • Remove serializers manager, so the serializers in djoser are now accessed via dot notation
    • Remove support for DRF 3.4
    • Remove support for basic auth as authentication backend
    • Refactor djoser settings module for cleaner and more pythonic/djangonic solution
    • Refactor tests into multiple files and fix some minor issues
    • Refactor some parts of codebase for better readability
    • Slightly refactor/simplify parts of djoser.utils
    • Fix all style issues reported by flake8 in codebase
    • Fix security bug in djoser.views.UserView
  • 0.6.0(Jun 2, 2017)

    This backward incompatible release focuses on delivering cleaner documentation, faster CI, bugfixes and other small improvements. It also drops support for unsupported Django / DRF versions. List of changes:

    • Add ReadTheDocs integration
    • Add basic pipenv integration
    • Add Makefile to simplify setup and development
    • Add release notes to GitHub Releases and CHANGELOG.rst
    • Update README with documentation split into Sphinx docs
    • Update .travis.yml with approximately 3.5x faster CI builds
    • Remove support for Django 1.7
    • Remove support for DRF 3.3 as a consequence of dropping Django 1.7
    • Slightly refactor use of Response in djoser/views.py
    • Fix #190 - race condition for near-simultaneous sign-ups
  • 0.5.4(May 12, 2017)

    This release adds a test case and fixes broken factory added in last release. List of changes:

    • Add djoser.utils.UserEmailFactoryBase test case
    • Fix dictionary syntax error
  • 0.5.3(May 12, 2017)

    This release increases reusability of UserEmailFactoryBase in djoser / user apps. Besides that it's mostly codebase cleanup. List of changes:

    • Update UserEmailFactoryBase to accept arbitrary arguments for the context
    • Update some code in djoser/utils.py to comply with PEP-8
    • Update README with additional information related to djoser requirements
    • Remove unnecessary requirements
    • Remove leftover in RegistrationView after #141
    • Cleanup setup.py and testproject/testapp/tests.py
  • 0.5.2(May 25, 2017)

    This release breaks compatibility with pre-south Django versions and adds support for DRF 3.5. There are also some changes in documentation. List of changes:

    • Add support for DRF 3.5
    • Add documentation on using djangorestframework-jwt with djoser
    • Update required Django version to >= 1.7
    • Update docs with tweaks on encoding and names
  • 0.5.1(May 25, 2017)

    This release introduces new features controlled via appropriate setting flags. They have been described in documentation. There also is a backward-incompatible refactor, and other various contributions. List of changes:

    • Add SEND_CONFIRMATION_EMAIL flag to djoser settings
    • Add LOGOUT_ON_PASSWORD_CHANGE flag to djoser settings
    • Add PASSWORD_RESET_SHOW_EMAIL_NOT_FOUND flag to djoser settings
    • Refactor SendEmailViewMixin into UserEmailFactoryBase
    • Update documentation
    • Update user creation to wrap it inside atomic transaction
    • Update .gitignore
    • Update tests
  • 0.5.0(May 25, 2017)

    This backward incompatible release offers a possibility to specify arbitrary serializer for each of djoser views. It also breaks compatibility with old Python / Django / DRF versions. List of changes:

    • Add customizable serializers controlled with SERIALIZERS djoser setting field
    • Update documentation
    • Update HTTP_200_OK to HTTP_204_NO_CONTENT where appropriate
    • Remove compatibility for Python < 2.7, Django < 1.7, and DRF < 3.3
  • 0.4.3(May 25, 2017)

    This release provides few bugfixes / UX improvements. List of changes:

    • Add human readable error message when incorrect uid is provided
    • Fix user being active, before activating his account via email
  • 0.4.2(May 25, 2017)

    This release adds a new feature - custom password validators. List of changes:

    • Add support for /register/ and /password/reset/confirm/ arbitrary password validators, with PASSWORD_VALIDATORS djoser setting field
  • 0.4.1(May 25, 2017)

    This release adds support for new Django / Python versions. It also contains few bugfixes / documentation updates. List of changes:

    • Add check for stale activation token
    • Add support for Django 1.9 and Python 3.5
    • Update documentation on login and logout
    • Fix #92
    • Fix #100
  • 0.4.0(May 25, 2017)

Owner
Sunscrapers
Unrivaled Python engineers who help world’s greatest companies drive business growth with technology