This python package provides a simple password reset strategy for django rest framework

Overview

Django Rest Password Reset

PyPI version build-and-test actions status Codecov

This python package provides a simple password reset strategy for django rest framework, where users can request password reset tokens via their registered e-mail address.

The main idea behind this package is to not make any assumptions about how the token is delivered to the end-user (e-mail, text-message, etc...). Instead, this package provides a signal that can be reacted on (e.g., by sending an e-mail or a text message).

This package basically provides two REST endpoints:

  • Request a token
  • Verify (confirm) a token (and change the password)

Quickstart

  1. Install the package from pypi using pip:
pip install django-rest-passwordreset
  1. Add django_rest_passwordreset to your INSTALLED_APPS (after rest_framework) within your Django settings file:
INSTALLED_APPS = (
    ...
    'django.contrib.auth',
    ...
    'rest_framework',
    ...
    'django_rest_passwordreset',
    ...
)
  1. This package stores tokens in a separate database table (see django_rest_passwordreset/models.py). Therefore, you have to run django migrations:
python manage.py migrate
  1. This package provides three endpoints, which can be included by including django_rest_passwordreset.urls in your urls.py as follows:
from django.urls import path, include

urlpatterns = [
    ...
    path(r'^api/password_reset/', include('django_rest_passwordreset.urls', namespace='password_reset')),
    ...
]

Note: You can adapt the URL to your needs.

Endpoints

The following endpoints are provided:

  • POST ${API_URL}/ - request a reset password token by using the email parameter
  • POST ${API_URL}/confirm/ - using a valid token, the users password is set to the provided password
  • POST ${API_URL}/validate_token/ - will return a 200 if a given token is valid

where ${API_URL}/ is the url specified in your urls.py (e.g., api/password_reset/ as in the example above)

Signals

  • reset_password_token_created(sender, instance, reset_password_token) Fired when a reset password token is generated
  • pre_password_reset(sender, user) - fired just before a password is being reset
  • post_password_reset(sender, user) - fired after a password has been reset

Example for sending an e-mail

  1. Create two new django templates: email/user_reset_password.html and email/user_reset_password.txt. Those templates will contain the e-mail message sent to the user, aswell as the password reset link (or token). Within the templates, you can access the following context variables: current_user, username, email, reset_password_url. Feel free to adapt this to your needs.

  2. Add the following code, which contains a Django Signal Receiver (@receiver(...)), to your application. Take care where to put this code, as it needs to be executed by the python interpreter (see the section The reset_password_token_created signal is not fired below, aswell as this part of the django documentation and How to Create Django Signals Tutorial for more information).

from django.core.mail import EmailMultiAlternatives
from django.dispatch import receiver
from django.template.loader import render_to_string
from django.urls import reverse

from django_rest_passwordreset.signals import reset_password_token_created


@receiver(reset_password_token_created)
def password_reset_token_created(sender, instance, reset_password_token, *args, **kwargs):
    """
    Handles password reset tokens
    When a token is created, an e-mail needs to be sent to the user
    :param sender: View Class that sent the signal
    :param instance: View Instance that sent the signal
    :param reset_password_token: Token Model Object
    :param args:
    :param kwargs:
    :return:
    """
    # send an e-mail to the user
    context = {
        'current_user': reset_password_token.user,
        'username': reset_password_token.user.username,
        'email': reset_password_token.user.email,
        'reset_password_url': "{}?token={}".format(
            instance.request.build_absolute_uri(reverse('password_reset:reset-password-confirm')),
            reset_password_token.key)
    }

    # render email text
    email_html_message = render_to_string('email/user_reset_password.html', context)
    email_plaintext_message = render_to_string('email/user_reset_password.txt', context)

    msg = EmailMultiAlternatives(
        # title:
        "Password Reset for {title}".format(title="Some website title"),
        # message:
        email_plaintext_message,
        # from:
        "[email protected]",
        # to:
        [reset_password_token.user.email]
    )
    msg.attach_alternative(email_html_message, "text/html")
    msg.send()
  1. You should now be able to use the endpoints to request a password reset token via your e-mail address. If you want to test this locally, I recommend using some kind of fake mailserver (such as maildump).

Configuration / Settings

The following settings can be set in Django settings.py file:

  • DJANGO_REST_MULTITOKENAUTH_RESET_TOKEN_EXPIRY_TIME - time in hours about how long the token is active (Default: 24)

    Please note: expired tokens are automatically cleared based on this setting in every call of ResetPasswordRequestToken.post.

  • DJANGO_REST_PASSWORDRESET_NO_INFORMATION_LEAKAGE - will cause a 200 to be returned on POST ${API_URL}/reset_password/ even if the user doesn't exist in the databse (Default: False)

  • DJANGO_REST_MULTITOKENAUTH_REQUIRE_USABLE_PASSWORD - allows password reset for a user that does not have a usable password (Default: True)

Custom Email Lookup

By default, email lookup is used to find the user instance. You can change that by adding

DJANGO_REST_LOOKUP_FIELD = 'custom_email_field'

into Django settings.py file.

Custom Remote IP Address and User Agent Header Lookup

If your setup demands that the IP adress of the user is in another header (e.g., 'X-Forwarded-For'), you can configure that (using Django Request Headers):

DJANGO_REST_PASSWORDRESET_IP_ADDRESS_HEADER = 'HTTP_X_FORWARDED_FOR'

The same is true for the user agent:

HTTP_USER_AGENT_HEADER = 'HTTP_USER_AGENT'

Custom Token Generator

By default, a random string token of length 10 to 50 is generated using the RandomStringTokenGenerator class. This library offers a possibility to configure the params of RandomStringTokenGenerator as well as switch to another token generator, e.g. RandomNumberTokenGenerator. You can also generate your own token generator class.

You can change that by adding

DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = {
    "CLASS": ...,
    "OPTIONS": {...}
}

into Django settings.py file.

RandomStringTokenGenerator

This is the default configuration.

DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = {
    "CLASS": "django_rest_passwordreset.tokens.RandomStringTokenGenerator"
}

You can configure the length as follows:

DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = {
    "CLASS": "django_rest_passwordreset.tokens.RandomStringTokenGenerator",
    "OPTIONS": {
        "min_length": 20,
        "max_length": 30
    }
}

It uses os.urandom() to generate a good random string.

RandomNumberTokenGenerator

DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = {
    "CLASS": "django_rest_passwordreset.tokens.RandomNumberTokenGenerator"
}

You can configure the minimum and maximum number as follows:

DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = {
    "CLASS": "django_rest_passwordreset.tokens.RandomNumberTokenGenerator",
    "OPTIONS": {
        "min_number": 1500,
        "max_number": 9999
    }
}

It uses random.SystemRandom().randint() to generate a good random number.

Write your own Token Generator

Please see token_configuration/django_rest_passwordreset/tokens.py for example implementation of number and string token generator.

The basic idea is to create a new class that inherits from BaseTokenGenerator, takes arbitrary arguments (args and kwargs) in the __init__ function as well as implementing a generate_token function.

from django_rest_passwordreset.tokens import BaseTokenGenerator


class RandomStringTokenGenerator(BaseTokenGenerator):
    """
    Generates a random string with min and max length using os.urandom and binascii.hexlify
    """

    def __init__(self, min_length=10, max_length=50, *args, **kwargs):
        self.min_length = min_length
        self.max_length = max_length

    def generate_token(self, *args, **kwargs):
        """ generates a pseudo random code using os.urandom and binascii.hexlify """
        # determine the length based on min_length and max_length
        length = random.randint(self.min_length, self.max_length)

        # generate the token using os.urandom and hexlify
        return binascii.hexlify(
            os.urandom(self.max_length)
        ).decode()[0:length]

Compatibility Matrix

This library should be compatible with the latest Django and Django Rest Framework Versions. For reference, here is a matrix showing the guaranteed and tested compatibility.

django-rest-passwordreset Version Django Versions Django Rest Framework Versions Python
0.9.7 1.8, 1.11, 2.0, 2.1 3.6 - 3.9 2.7
1.0 1.11, 2.0, 2.2 3.6 - 3.9 2.7
1.1 1.11, 2.2 3.6 - 3.9 2.7
1.2 2.2, 3.0, 3.1 3.10, 3.11 3.5 - 3.8

Documentation / Browsable API

This package supports the DRF auto-generated documentation (via coreapi) as well as the DRF browsable API.

To add the endpoints to the browsable API, you can use a helper function in your urls.py file:

from rest_framework.routers import DefaultRouter
from django_rest_passwordreset.urls import add_reset_password_urls_to_router

router = DefaultRouter()
add_reset_password_urls_to_router(router, base_path='api/auth/passwordreset')

Alternatively you can import the ViewSets manually and customize the routes for your setup:

from rest_framework.routers import DefaultRouter
from django_rest_passwordreset.views import ResetPasswordValidateTokenViewSet, ResetPasswordConfirmViewSet, \
    ResetPasswordRequestTokenViewSet

router = DefaultRouter()
router.register(
    r'api/auth/passwordreset/validate_token',
    ResetPasswordValidateTokenViewSet,
    basename='reset-password-validate'
)
router.register(
    r'api/auth/passwordreset/confirm',
    ResetPasswordConfirmViewSet,
    basename='reset-password-confirm'
)
router.register(
    r'api/auth/passwordreset/',
    ResetPasswordRequestTokenViewSet,
    basename='reset-password-request'
)

drf_browsable_email_validation

drf_browsable_password_validation

coreapi_docs

Known Issues / FAQ

Django 2.1 Migrations - Multiple Primary keys for table ...

Django 2.1 introduced a breaking change for migrations (see Django Issue #29790). We therefore had to rewrite the migration 0002_pk_migration.py such that it covers Django versions before (<) 2.1 and later (>=) 2.1.

Some information is written down in Issue #8.

The reset_password_token_created signal is not fired

You need to make sure that the code with @receiver(reset_password_token_created) is executed by the python interpreter. To ensure this, you have two options:

  1. Put the code at a place that is automatically loaded by Django (e.g., models.py, views.py), or

  2. Import the file that contains the signal within your app.py ready function:

some_app/signals.py

from django.core.mail import EmailMultiAlternatives
from django.dispatch import receiver
from django.template.loader import render_to_string
from django.urls import reverse

from django_rest_passwordreset.signals import reset_password_token_created


@receiver(reset_password_token_created)
def password_reset_token_created(sender, instance, reset_password_token, *args, **kwargs):
    # ...

some_app/app.py

from django.apps import AppConfig

class SomeAppConfig(AppConfig):
    name = 'your_django_project.some_app'
    verbose_name = 'Some App'

    def ready(self):
        import your_django_project.some_app.signals  # noqa

some_app/init.py

default_app_config = 'your_django_project.some_app.SomeAppConfig'

MongoDB not working

Apparently, the following piece of code in the Django Model prevents MongodB from working:

 id = models.AutoField( 
     primary_key=True 
 ) 

See issue #49 for details.

Contributions

This library tries to follow the unix philosophy of "do one thing and do it well" (which is providing a basic password reset endpoint for Django Rest Framework). Contributions are welcome in the form of pull requests and issues! If you create a pull request, please make sure that you are not introducing breaking changes.

Tests

See folder tests/. Basically, all endpoints are covered with multiple unit tests.

Use this code snippet to run tests:

python setup.py install
cd tests
python manage.py test

Release on PyPi

To release this package on pypi, the following steps are used:

rm -rf dist/ build/
python setup.py sdist
twine upload dist/*
Comments
  • Unable to access verify_token and confirm endpoints

    Unable to access verify_token and confirm endpoints

    Hello,

    I am probably doing something silly wrong, but I've been unable to use the /reset_password/confirm/ and /reset_password/validate_token/ endpoints.

    I am able to post to /reset_password/, generate the token, receive the signal and send the email.

    path('api/password_reset/', include('django_rest_passwordreset.urls', namespace='password_reset')),

    I have the above in my urls.py

    When I go to: http://127.0.0.1:8000/api/password_reset/reset_password/ I can post an email to request a token.

    When I go to: http://127.0.0.1:8000/api/password_reset/reset_password/validate_token/ or http://127.0.0.1:8000/api/password_reset/reset_password/confirm/ there is no change from http://127.0.0.1:8000/api/password_reset/reset_password/, this is what I see:

    image

    Any idea why this is the case?

    Thanks!

    opened by kashgo22 14
  • django.db.utils.ProgrammingError: Multiple primary keys for table «django_rest_passwordreset_resetpasswordtoken» are not allowed.

    django.db.utils.ProgrammingError: Multiple primary keys for table «django_rest_passwordreset_resetpasswordtoken» are not allowed.

    Hi, after updating from version 0.9.4 to 0.9.5 i am getting a django.db.utils.ProgrammingError: Multiple primary keys for table «django_rest_passwordreset_resetpasswordtoken» are not allowed. trying to do a manage.py migrate.

    I don't really know what information you would need to track this issue but i would love to collaborate with you to fix this issue so feel free to ask for whatever context information you would need.

      File "manage.py", line 31, in <module>
        execute_from_command_line(sys.argv)
      File "\venv\lib\site-packages\django\core\management\__init__.py", line 381, in execute_from_command_line
    
        utility.execute()
      File "\venv\lib\site-packages\django\core\management\__init__.py", line 375, in execute
        self.fetch_command(subcommand).run_from_argv(self.argv)
      File "\venv\lib\site-packages\django\core\management\base.py", line 316, in run_from_argv
        self.execute(*args, **cmd_options)
      File "\venv\lib\site-packages\django\core\management\base.py", line 353, in execute
        output = self.handle(*args, **options)
      File "\venv\lib\site-packages\django\core\management\base.py", line 83, in wrapped
        res = handle_func(*args, **kwargs)
      File "\venv\lib\site-packages\django\core\management\commands\migrate.py", line 203, in handle
        fake_initial=fake_initial,
      File "\venv\lib\site-packages\django\db\migrations\executor.py", line 117, in migrate
        state = self._migrate_all_forwards(state, plan, full_plan, fake=fake, fake_initial=fake_initial)
      File "\venv\lib\site-packages\django\db\migrations\executor.py", line 147, in _migrate_all_forwards
        state = self.apply_migration(state, migration, fake=fake, fake_initial=fake_initial)
      File "\venv\lib\site-packages\django\db\migrations\executor.py", line 244, in apply_migration
        state = migration.apply(state, schema_editor)
      File "\venv\lib\site-packages\django\db\migrations\migration.py", line 124, in apply
        operation.database_forwards(self.app_label, schema_editor, old_state, project_state)
      File "\venv\lib\site-packages\django\db\migrations\operations\fields.py", line 216, in database_forwards
        schema_editor.alter_field(from_model, from_field, to_field)
      File "\venv\lib\site-packages\django\db\backends\base\schema.py", line 523, in alter_field
        old_db_params, new_db_params, strict)
      File "\venv\lib\site-packages\django\db\backends\postgresql\schema.py", line 122, in _alter_field
        new_db_params, strict,
      File "\venv\lib\site-packages\django\db\backends\base\schema.py", line 719, in _alter_field
        "columns": self.quote_name(new_field.column),
      File "\venv\lib\site-packages\django\db\backends\base\schema.py", line 133, in execute
        cursor.execute(sql, params)
      File "\venv\lib\site-packages\django\db\backends\utils.py", line 100, in execute
        return super().execute(sql, params)
      File "\venv\lib\site-packages\django\db\backends\utils.py", line 68, in execute
        return self._execute_with_wrappers(sql, params, many=False, executor=self._execute)
      File "\venv\lib\site-packages\django\db\backends\utils.py", line 77, in _execute_with_wrappers
        return executor(sql, params, many, context)
      File "\venv\lib\site-packages\django\db\backends\utils.py", line 85, in _execute
        return self.cursor.execute(sql, params)
      File "\venv\lib\site-packages\django\db\utils.py", line 89, in __exit__
        raise dj_exc_value.with_traceback(traceback) from exc_value
      File "\venv\lib\site-packages\django\db\backends\utils.py", line 85, in _execute
        return self.cursor.execute(sql, params)
    django.db.utils.ProgrammingError: Multiple primary keys for table «django_rest_passwordreset_resetpasswordtoken» are not allowed.
    
    bug Django 
    opened by iagocanalejas 14
  • Django 3.0 is not compatible with extension

    Django 3.0 is not compatible with extension

    celery | File "/usr/local/lib/python3.8/site-packages/django_rest_passwordreset/models.py", line 3, in celery | from django.utils.encoding import python_2_unicode_compatible celery | ImportError: cannot import name 'python_2_unicode_compatible' from 'django.utils.encoding' (/usr/local/lib/python3.8/site-packages/django/utils/encoding.py)

    opened by MuslimBeibytuly 12
  • cannot import name 'message_from_file'

    cannot import name 'message_from_file'

    When I try adding 'django_rest_passwordreset' to django apps, I get this error:

    Traceback (most recent call last):
      File "manage.py", line 28, in <module>
        from django.core.management import execute_from_command_line
      File "/home/giovanni/git/ozzy-backend/venv/lib/python3.6/site-packages/django/__init__.py", line 1, in <module>
        from django.utils.version import get_version
      File "/home/giovanni/git/ozzy-backend/venv/lib/python3.6/site-packages/django/utils/version.py", line 6, in <module>
        from distutils.version import LooseVersion
      File "/home/giovanni/git/ozzy-backend/venv/lib/python3.6/distutils/__init__.py", line 25, in <module>
        from distutils import dist, sysconfig
      File "/usr/lib64/python3.6/distutils/dist.py", line 10, in <module>
        from email import message_from_file
    ImportError: cannot import name 'message_from_file'
    
    The above exception was the direct cause of the following exception:
    
    Traceback (most recent call last):
      File "manage.py", line 34, in <module>
        ) from exc
    ImportError: Couldn't import Django. Are you sure it's installed and available on your PYTHONPATH environment variable? Did you forget to activate a virtual environment?
    

    And removing it my app runs fine. Can you help me with this issue? This has something to do with the email package?

    Django: 2.1.2 Python: 3.6 Using virtualenv.

    bug 
    opened by giovannicimolin 12
  • Added reset by phone number functionality

    Added reset by phone number functionality

    Problem

    This package is limited to recovering passwords by email only leaving out use case for where we have users signup with phone number.

    solution

    Added functionality to recover passwords by phone number.

    opened by peterolayinka 9
  • unable to enter into function password_reset_token_created function by generating signal

    unable to enter into function password_reset_token_created function by generating signal

    from django.dispatch import receiver from django.template.loader import render_to_string from django.urls import reverse from django_rest_passwordreset.signals import reset_password_token_created, pre_password_reset,
    post_password_reset

    from sixwallz_app import config from sixwallz_app.send_invitaion_mail import * import logging

    log = logging.getLogger(name)

    @receiver(reset_password_token_created) def password_reset_token_created(sender, instance, reset_password_token, *args, **kwargs): """ Handles password reset tokens When a token is created, an e-mail needs to be sent to the user :param sender: View Class that sent the signal :param instance: View Instance that sent the signal :param reset_password_token: Token Model Object :param args: :param kwargs: :return: """ print("Write Something") # send an e-mail to the user context = { 'current_user': reset_password_token.user, 'username': reset_password_token.user.username, 'email': reset_password_token.user.email, 'reset_password_url': "{}?token={}".format(reverse('password_reset:reset-password-request'), reset_password_token.key) }

    opened by surajraktate 9
  • getting a 400 error saying email is a required field when hitting the confirm endpoint

    getting a 400 error saying email is a required field when hitting the confirm endpoint

    I followed the documentation to a T and have the token creation and the email sending, but when I attempt to hit the confirm endpoint locally using post man with the token I received in the last email, it appears that the request is being handled as if I am hitting password_reset.

    path('password_reset', include('django_rest_passwordreset.urls', namespace='password_reset')), This is my entry in URLs

    opened by otisscott 8
  • Strengthen the password validator by using it in the APIView

    Strengthen the password validator by using it in the APIView

    As per the the name of pull request, validating password in the APIView makes more sense as we are able to access the user. This allows us to validate password against UserAttributeSimilarityVlidator, MinimumLengthValidator, CommonPasswordValidator, NumericPasswordValidator or any other custom validators that have been defined in the project config under AUTH_PASSWORD_VALIDATORS.

    For ex:

        AUTH_PASSWORD_VALIDATORS = [
            {
                'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
            },
            {
                'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
                'OPTIONS': {
                    'min_length': 12,
                }
            },
            {
                'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
            },
            {
                'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
            },
        ]
    
    opened by thapabishwa 8
  • random numbers instead of token

    random numbers instead of token

    Hello sir, I am very impressed with this module and decided to use it. I would like to override the functionality where i can change the key def generate_key(): """ generates a pseudo random code using os.urandom and binascii.hexlify """ return binascii.hexlify(os.urandom(32)).decode()

    to randint. Please let me know if there is a way to override it?

    enhancement help wanted 
    opened by rtiwarihr 8
  • Email not sent

    Email not sent

    I am able to configure django-rest-passwordreset successfully and I receive the response: { "status": "OK" } However, i am not receiving in the email though.

    opened by rtiwarihr 8
  • Moved some validations to the serializer

    Moved some validations to the serializer

    @anx-cbenke I created a new pull request with the same changes from the old pull request. because some changes were not intended to merge on this request.

    These changes are only related to moving some of the validations to the serializer.

    opened by marianoeramirez 7
  • Improve feedback message for token not found

    Improve feedback message for token not found

    Description

    Describe your changes or fixes (please link to an issue if applicable) Added a feedback message when token not found in serializer

    Types of changes

    • [ ] Breaking change (fix or feature that would cause existing functionality to change)
    • [x] New feature (non-breaking change which adds functionality)
    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] Refactoring (improvements in base code)
    • [ ] Add test (adds test coverage to functionality)

    Checklist

    • [ ] Automated tests
    • [ ] Extends CHANGELOG.md
    • [ ] Requires migrations?
    • [ ] Requires dependency update?
    opened by felipesilvadv 0
  • [BUG] I can't get token

    [BUG] I can't get token

    Describe the bug I accessed to "api_url/reset_password/" and post email but I can't get token.

    How to reproduce Describe how to reproduce the behavior.

    Expected behavior A clear and concise description of what you expected to happen.

    Additional context Add any other context about the problem here.

    opened by toma1031 0
  • IntegrityError at /api/password_reset/  null value in column

    IntegrityError at /api/password_reset/ null value in column "id" of relation "django_rest_passwordreset_resetpasswordtoken" violates not-null constraint

    null value in column "id" of relation "django_rest_passwordreset_resetpasswordtoken" violates not-null constraint DETAIL: Failing row contains (2022-08-18 04:56:49.334713+00, 5e47cb425ce5db35388725370cb3dbf4e964245e, 49.204.165.2, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KH..., 11, null).

    opened by shubh010 23
  • [FEATURE] Limit request forgot password

    [FEATURE] Limit request forgot password

    I cannot block request when user use multiple feature forgot password I need some config in setting.py file. I can add number of limit use feature forgot

    opened by hongquanvn1998 1
  • [BUG] Unable to create or change a table without a primary key on migration

    [BUG] Unable to create or change a table without a primary key on migration

    After installing django-rest-passwordreset==1.2.0 with django version 3.2 I added the following to my installed apps:

     INSTALLED_APPS = [
        'corsheaders',
        'django.contrib.admin',
        'django.contrib.auth', <------
        'django.contrib.contenttypes',
        'django.contrib.sessions',
        'django.contrib.messages',
        'django.contrib.staticfiles',
        'rest_framework', <-----
        'rest_framework_simplejwt.token_blacklist',
        'django_elasticsearch_dsl',
        'django_rest_passwordreset' <---
    ]
    

    After this I ran python manage.py migrate and I get the following error:

    Running migrations:
      Applying django_rest_passwordreset.0001_initial... OK
      Applying django_rest_passwordreset.0002_pk_migration...Traceback (most recent call last):
      .
      .
      .
    pymysql.err.OperationalError: (3750, "Unable to create or change a table without a primary key, when the system variable 'sql_require_primary_key' is set. Add a primary key to the table or unset this variable to avoid this message.
    Note that tables without a primary key can cause performance problems in row-based replication, so please consult your DBA before changing this setting.")
    
    The above exception was the direct cause of the following exception:
    
    Traceback (most recent call last):
     .
     .
     .
    django.db.utils.OperationalError: (3750, "Unable to create or change a table without a primary key, when the system variable 'sql_require_primary_key' is set. Add a primary key to the table or unset this variable to avoid this message. Note that tables without a primary key can cause performance problems in row-based replication, so please consult your DBA before changing this setting.")
    
    

    Looking at the code makes me think the order is wrong in: django-rest-passwordreset/django_rest_passwordreset/migrations/0002_pk_migration.py

    First add Id field with primary key before removing the existing primary key

    opened by mathijsfr 1
Releases(1.3.0)
  • 1.3.0(Sep 15, 2022)

    What's Changed

    • Allow password reset without being authenticated by @nittolese in https://github.com/anexia-it/django-rest-passwordreset/pull/148
    • Update readme, compatibility matrix, prepare new release by @nezhar in https://github.com/anexia-it/django-rest-passwordreset/pull/167

    New Contributors

    • @nittolese made their first contribution in https://github.com/anexia-it/django-rest-passwordreset/pull/148

    Full Changelog: https://github.com/anexia-it/django-rest-passwordreset/compare/1.2.1...1.3.0

    Source code(tar.gz)
    Source code(zip)
  • 1.2.1(Oct 22, 2021)

  • 1.2.0(Jun 12, 2021)

  • 1.1.0rc3(Aug 9, 2019)

    • Added an endpoint to "just" validate a token (good for SPAs, see issue #45) - big thanks to @Hall-Erik for MR #60 (and #59)
    • Nullable fields for user agent and remote address are now a thing - see MR #58 and issue #34
    • Use urandom as a "better" random number generator for RandomNumbertokenGenerator - see commit https://github.com/anx-ckreuzberger/django-rest-passwordreset/commit/96e234114b494c40c375533bc8006961c2097c4f#diff-acc725a3d6fc8d27d175f0008640b15e
    • Several updates to the README
    Source code(tar.gz)
    Source code(zip)
  • 1.1.0rc2(Aug 1, 2019)

    • Added ability to always return 200: OK, even though the email address was not found #54 - thanks to @stan-sack
    • Added ability to toggle between "user requires to have a usable password" #55 - thanks to @stan-sack
    • A typo in README was fixed #51 - thanks to @wencakisa
    Source code(tar.gz)
    Source code(zip)
  • 1.1.0rc1(May 28, 2019)

    • Added dynamic lookup field for email - thanks to @iagocanalejas for PR #31
    • Safe .get() key function for request.META - thanks to @talbenbasat for PR #40
    • Docu updates
    Source code(tar.gz)
    Source code(zip)
  • 1.0.0(Apr 15, 2019)

    Integrated Pull Request #24 which adds:

    • Proper validation errors
    • Password validations (based on Djangos Built-in validate_password function)
    • Browsable API Support

    Thanks to @thapabishwa for PR #22 and PR 27 as well as @maljuboori91 for PR #21 which inspired those changes.

    Also integrated PR #20 which allows to customize Token Generation (e.g., RandomNumberTokenGenerator). Thanks for @rtiwarihr and @iagocanalejas for their proposals and help.

    Also integrated PR #18 by @iagocanalejas which adds a management command for clearing expired tokens as well as some refactoring work.

    Fixed some codestyle errors (using pycodestyle).

    Added basic Support Django 2.2

    Added instance to the password_reset_token_created signal (based on Django signals that have sender and instance).

    Thanks to all contributors.

    Source code(tar.gz)
    Source code(zip)
  • 1.0.0a3(Mar 28, 2019)

    Integrated Pull Request #24 which adds:

    • Proper validation errors
    • Password validations (based on Djangos Built-in validate_password function)
    • Browsable API Support

    Thanks to @thapabishwa for PR #22 and PR 27 as well as @maljuboori91 for PR #21 which inspired those changes.

    Also integrated PR #20 which allows to customize Token Generation (e.g., RandomNumberTokenGenerator). Thanks for @rtiwarihr and @iagocanalejas for their proposals and help.

    Also integrated PR #18 by @iagocanalejas which adds a management command for clearing expired tokens as well as some refactoring work.

    Fixed some codestyle errors (using pycodestyle).

    Added basic Support Django 2.2

    Added instance to the password_reset_token_created signal (based on Django signals that have sender and instance).

    Thanks to all contributors.

    Please note that this is a pre-release

    Source code(tar.gz)
    Source code(zip)
  • 1.0.0a2(Mar 25, 2019)

    Integrated Pull Request #24 which adds:

    • Proper validation errors
    • Password validations (based on Djangos Built-in validate_password function)
    • Browsable API Support

    Thanks to @thapabishwa for PR #22 and PR 27 as well as @maljuboori91 for PR #21 which inspired those changes.

    Also integrated PR #20 which allows to customize Token Generation (e.g., RandomNumberTokenGenerator). Thanks for @rtiwarihr and @iagocanalejas for their proposals and help.

    Also integrated PR #18 by @iagocanalejas which adds a management command for clearing expired tokens as well as some refactoring work.

    Fixed some codestyle errors (using pycodestyle).

    Added basic Support Django 2.2

    Thanks to all contributors.

    Please note that this is a pre-release

    Source code(tar.gz)
    Source code(zip)
  • 1.0.0a1(Feb 18, 2019)

    Integrated Pull Request #24 which adds:

    • Proper validation errors
    • Password validations (based on Djangos Built-in validate_password function)
    • Browsable API Support

    Thanks to @thapabishwa for PR #22 as well as @maljuboori91 for PR #21 which inspired those changes.

    Also integrated PR #20 which allows to customize Token Generation (e.g., RandomNumberTokenGenerator). Thanks for @rtiwarihr and @iagocanalejas for their proposals and help.

    Also integrated PR #18 by @iagocanalejas which adds a management command for clearing expired tokens as well as some refactoring work.

    Thanks to all contributors.

    Please note that this is a pre-release

    Source code(tar.gz)
    Source code(zip)
  • 0.9.7(Oct 17, 2018)

  • 0.9.6(Oct 16, 2018)

  • 0.9.5(Aug 27, 2018)

  • 0.9.4(Jun 8, 2018)

Owner
Anexia
Anexia
Simplifying third-party authentication for web applications.

Velruse is a set of authentication routines that provide a unified way to have a website user authenticate to a variety of different identity provider

Ben Bangert 253 Nov 14, 2022
A simple Boilerplate to Setup Authentication using Django-allauth 🚀

A simple Boilerplate to Setup Authentication using Django-allauth, with a custom template for login and registration using django-crispy-forms.

Yasser Tahiri 13 May 13, 2022
Accounts for Django made beautifully simple

Django Userena Userena is a Django application that supplies your Django project with full account management. It's a fully customizable application t

Bread & Pepper 1.3k Sep 18, 2022
Some scripts to utilise device code authorization for phishing.

OAuth Device Code Authorization Phishing Some scripts to utilise device code authorization for phishing. High level overview as per the instructions a

Daniel Underhay 6 Oct 03, 2022
Luca Security Concept

Luca Security Concept This is the document source of luca's security concept. Please go here for the HTML version: https://luca-app.de/securityconcept

luca 43 Oct 22, 2022
A JSON Web Token authentication plugin for the Django REST Framework.

Simple JWT Abstract Simple JWT is a JSON Web Token authentication plugin for the Django REST Framework. For full documentation, visit django-rest-fram

Simple JWT 3.3k Jan 01, 2023
A host-guest based app in which host can CREATE the room. and guest can join room with room code and vote for song to skip. User is authenticated using Spotify API

A host-guest based app in which host can CREATE the room. and guest can join room with room code and vote for song to skip. User is authenticated using Spotify API

Aman Raj 5 May 10, 2022
OpenStack Keystone auth plugin for HTTPie

httpie-keystone-auth OpenStack Keystone auth plugin for HTTPie. Installation $ pip install --upgrade httpie-keystone-auth You should now see keystone

Pavlo Shchelokovskyy 1 Oct 20, 2021
Official implementation of the AAAI 2022 paper "Learning Token-based Representation for Image Retrieval"

Token: Token-based Representation for Image Retrieval PyTorch training code for Token-based Representation for Image Retrieval. We propose a joint loc

Hui Wu 42 Dec 06, 2022
A JSON Web Token authentication plugin for the Django REST Framework.

Simple JWT Abstract Simple JWT is a JSON Web Token authentication plugin for the Django REST Framework. For full documentation, visit django-rest-fram

Jazzband 3.2k Dec 29, 2022
Automatic login utility of free Wi-Fi captive portals

wicafe Automatic login utility of free Wi-Fi captive portals Disclaimer: read and grant the Terms of Service of Wi-Fi services before using it! This u

Takumi Sueda 8 May 31, 2022
JSON Web Token implementation in Python

PyJWT A Python implementation of RFC 7519. Original implementation was written by @progrium. Sponsor If you want to quickly add secure token-based aut

José Padilla 4.5k Jan 09, 2023
Simple yet powerful authorization / authentication client library for Python web applications.

Authomatic Authomatic is a framework agnostic library for Python web applications with a minimalistic but powerful interface which simplifies authenti

1k Dec 28, 2022
This is a Token tool that gives you many options to harm the account.

Trabis-Token-Tool This is a Token tool that gives you many options to harm the account. Utilities With this tools you can do things as : ·Delete all t

Steven 2 Feb 13, 2022
Awesome Django authorization, without the database

rules rules is a tiny but powerful app providing object-level permissions to Django, without requiring a database. At its core, it is a generic framew

1.6k Dec 30, 2022
A Python library to create and validate authentication tokens

handshake A Python library to create and validate authentication tokens. handshake is used to generate and validate arbitrary authentication tokens th

0 Apr 26, 2022
This script will pull and analyze syscalls in given application(s) allowing for easier security research purposes

SyscallExtractorAnalyzer This script will pull and analyze syscalls in given application(s) allowing for easier security research purposes Goals Teach

Truvis Thornton 18 Jul 09, 2022
Login-python - Login system made in Python, using native libraries

login-python Sistema de login feito 100% em Python, utilizando bibliotecas nativ

Nicholas Gabriel De Matos Leal 2 Jan 28, 2022
蓝鲸用户管理是蓝鲸智云提供的企业组织架构和用户管理解决方案,为企业统一登录提供认证源服务。

蓝鲸用户管理 简体中文 | English 蓝鲸用户管理是蓝鲸智云提供的企业组织架构和用户管理解决方案,为企业统一登录提供认证源服务。 总览 架构设计 代码目录 功能 支持多层级的组织架构管理 支持通过多种方式同步数据:OpenLDAP、Microsoft Active Directory(MAD)

腾讯蓝鲸 35 Dec 14, 2022
Basic auth for Django.

easy-basicauth WARNING! THIS LIBRARY IS IN PROGRESS! ANYTHING CAN CHANGE AT ANY MOMENT WITHOUT ANY NOTICE! Installation pip install easy-basicauth Usa

bichanna 2 Mar 25, 2022