معرفی شرکت ها

django-ninja-passwordreset-1.2.4

Card image cap
تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر
Card image cap
تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر
Card image cap
تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر
Card image cap
تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر
Card image cap
تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر
1.2.4
1.0.0
1.2.4
1.0.0

توضیحات

An extension of django ninja framework, providing a configurable password reset strategy
ویژگی مقدار
سیستم عامل -
نام فایل django-ninja-passwordreset-1.2.4
نام django-ninja-passwordreset
نسخه کتابخانه 1.2.4
نگهدارنده []
ایمیل نگهدارنده []
نویسنده -
ایمیل نویسنده Christian Kreuzberger <ckreuzberger@anexia-it.com>, Ezeudoh Tochukwu <tochukwu.ezeudoh@gmail.com>
آدرس صفحه اصلی -
آدرس اینترنتی https://pypi.org/project/django-ninja-passwordreset/
مجوز -
# Django Rest Password Reset [![PyPI version](https://img.shields.io/pypi/v/django-ninja-passwordreset.svg)](https://pypi.org/project/django-ninja-passwordreset/) [![build-and-test actions status](https://github.com/eadwinCode/django-ninja-passwordreset/workflows/Test/badge.svg)](https://github.com/eadwinCode/django-ninja-passwordreset/actions) [![Codecov](https://img.shields.io/codecov/c/gh/eadwinCode/django-ninja-passwordreset)](https://codecov.io/gh/eadwinCode/django-ninja-passwordreset) This python package provides a simple password reset strategy for django rest framework, where users can request password reset tokens via their registered e-mail address. The main idea behind this package is to not make any assumptions about how the token is delivered to the end-user (e-mail, text-message, etc...). Instead, this package provides a signal that can be reacted on (e.g., by sending an e-mail or a text message). This package basically provides two REST endpoints: * Request a token * Verify (confirm) a token (and change the password) ## Quickstart 1. Install the package from pypi using pip: ```bash pip install django-ninja-passwordreset ``` 2. Add ``django_rest_passwordreset`` to your ``INSTALLED_APPS`` (after ``rest_framework``) within your Django settings file: ```python INSTALLED_APPS = ( ... 'django.contrib.auth', ... 'ninja_extra', ... 'django_rest_passwordreset', ... ) ``` 3. This package stores tokens in a separate database table (see [django_rest_passwordreset/models.py](django_rest_passwordreset/models.py)). Therefore, you have to run django migrations: ```bash python manage.py migrate ``` 4. This package provides three endpoints, which can be included by including ``django_rest_passwordreset.urls`` in your ``urls.py`` as follows: ```python from django.urls import path from ninja_extra import NinjaExtraAPI from django_rest_passwordreset.controller import ResetPasswordController api = NinjaExtraAPI(urls_namespace='password_test') api.register_controllers(ResetPasswordController) urlpatterns = [ ..., path(r'^api/', api.urls), ... ] ``` **Note**: You can adapt the URL to your needs. ### Endpoints The following endpoints are provided: * `POST ${API_URL}/` - request a reset password token by using the ``email`` parameter * `POST ${API_URL}/confirm/` - using a valid ``token``, the users password is set to the provided ``password`` * `POST ${API_URL}/validate_token/` - will return a 200 if a given ``token`` is valid where `${API_URL}/` is the url specified in your *urls.py* (e.g., `api/password_reset/` as in the example above) ### Signals * ``reset_password_token_created(sender, instance, reset_password_token)`` Fired when a reset password token is generated * ``pre_password_reset(sender, user)`` - fired just before a password is being reset * ``post_password_reset(sender, user)`` - fired after a password has been reset ### Example for sending an e-mail 1. Create two new django templates: `email/user_reset_password.html` and `email/user_reset_password.txt`. Those templates will contain the e-mail message sent to the user, aswell as the password reset link (or token). Within the templates, you can access the following context variables: `current_user`, `username`, `email`, `reset_password_url`. Feel free to adapt this to your needs. 2. Add the following code, which contains a Django Signal Receiver (`@receiver(...)`), to your application. Take care where to put this code, as it needs to be executed by the python interpreter (see the section *The `reset_password_token_created` signal is not fired* below, aswell as [this part of the django documentation](https://docs.djangoproject.com/en/1.11/topics/signals/#connecting-receiver-functions) and [How to Create Django Signals Tutorial](https://simpleisbetterthancomplex.com/tutorial/2016/07/28/how-to-create-django-signals.html) for more information). ```python from django.core.mail import EmailMultiAlternatives from django.dispatch import receiver from django.template.loader import render_to_string from django.urls import reverse from django_rest_passwordreset.signals import reset_password_token_created @receiver(reset_password_token_created) def password_reset_token_created(sender, instance, reset_password_token, *args, **kwargs): """ Handles password reset tokens When a token is created, an e-mail needs to be sent to the user :param sender: View Class that sent the signal :param instance: View Instance that sent the signal :param reset_password_token: Token Model Object :param args: :param kwargs: :return: """ # send an e-mail to the user context = { 'current_user': reset_password_token.user, 'username': reset_password_token.user.username, 'email': reset_password_token.user.email, 'reset_password_url': "{}?token={}".format( instance.request.build_absolute_uri(reverse('password_reset:reset-password-confirm')), reset_password_token.key) } # render email text email_html_message = render_to_string('email/user_reset_password.html', context) email_plaintext_message = render_to_string('email/user_reset_password.txt', context) msg = EmailMultiAlternatives( # title: "Password Reset for {title}".format(title="Some website title"), # message: email_plaintext_message, # from: "noreply@somehost.local", # to: [reset_password_token.user.email] ) msg.attach_alternative(email_html_message, "text/html") msg.send() ``` 3. You should now be able to use the endpoints to request a password reset token via your e-mail address. If you want to test this locally, I recommend using some kind of fake mailserver (such as maildump). # Configuration / Settings The following settings can be set in Django ``settings.py`` file: * `DJANGO_REST_MULTITOKENAUTH_RESET_TOKEN_EXPIRY_TIME` - time in hours about how long the token is active (Default: 24) **Please note**: expired tokens are automatically cleared based on this setting in every call of ``ResetPasswordRequestToken.post``. * `DJANGO_REST_PASSWORDRESET_NO_INFORMATION_LEAKAGE` - will cause a 200 to be returned on `POST ${API_URL}/reset_password/` even if the user doesn't exist in the databse (Default: False) * `DJANGO_REST_MULTITOKENAUTH_REQUIRE_USABLE_PASSWORD` - allows password reset for a user that does not [have a usable password](https://docs.djangoproject.com/en/2.2/ref/contrib/auth/#django.contrib.auth.models.User.has_usable_password) (Default: True) ## Custom Email Lookup By default, `email` lookup is used to find the user instance. You can change that by adding ```python DJANGO_REST_LOOKUP_FIELD = 'custom_email_field' ``` into Django settings.py file. ## Custom Remote IP Address and User Agent Header Lookup If your setup demands that the IP adress of the user is in another header (e.g., 'X-Forwarded-For'), you can configure that (using Django Request Headers): ```python DJANGO_REST_PASSWORDRESET_IP_ADDRESS_HEADER = 'HTTP_X_FORWARDED_FOR' ``` The same is true for the user agent: ```python HTTP_USER_AGENT_HEADER = 'HTTP_USER_AGENT' ``` ## Custom Token Generator By default, a random string token of length 10 to 50 is generated using the ``RandomStringTokenGenerator`` class. This library offers a possibility to configure the params of ``RandomStringTokenGenerator`` as well as switch to another token generator, e.g. ``RandomNumberTokenGenerator``. You can also generate your own token generator class. You can change that by adding ```python DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = { "CLASS": ..., "OPTIONS": {...} } ``` into Django settings.py file. ### RandomStringTokenGenerator This is the default configuration. ```python DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = { "CLASS": "django_rest_passwordreset.tokens.RandomStringTokenGenerator" } ``` You can configure the length as follows: ```python DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = { "CLASS": "django_rest_passwordreset.tokens.RandomStringTokenGenerator", "OPTIONS": { "min_length": 20, "max_length": 30 } } ``` It uses `os.urandom()` to generate a good random string. ### RandomNumberTokenGenerator ```python DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = { "CLASS": "django_rest_passwordreset.tokens.RandomNumberTokenGenerator" } ``` You can configure the minimum and maximum number as follows: ```python DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = { "CLASS": "django_rest_passwordreset.tokens.RandomNumberTokenGenerator", "OPTIONS": { "min_number": 1500, "max_number": 9999 } } ``` It uses `random.SystemRandom().randint()` to generate a good random number. ### Write your own Token Generator Please see [token_configuration/django_rest_passwordreset/tokens.py](token_configuration/django_rest_passwordreset/tokens.py) for example implementation of number and string token generator. The basic idea is to create a new class that inherits from BaseTokenGenerator, takes arbitrary arguments (`args` and `kwargs`) in the ``__init__`` function as well as implementing a `generate_token` function. ```python from django_rest_passwordreset.tokens import BaseTokenGenerator class RandomStringTokenGenerator(BaseTokenGenerator): """ Generates a random string with min and max length using os.urandom and binascii.hexlify """ def __init__(self, min_length=10, max_length=50, *args, **kwargs): self.min_length = min_length self.max_length = max_length def generate_token(self, *args, **kwargs): """ generates a pseudo random code using os.urandom and binascii.hexlify """ # determine the length based on min_length and max_length length = random.randint(self.min_length, self.max_length) # generate the token using os.urandom and hexlify return binascii.hexlify( os.urandom(self.max_length) ).decode()[0:length] ``` ## Known Issues / FAQ ### Django 2.1 Migrations - Multiple Primary keys for table ... Django 2.1 introduced a breaking change for migrations (see [Django Issue #29790](https://code.djangoproject.com/ticket/29790)). We therefore had to rewrite the migration [0002_pk_migration.py](django_rest_passwordreset/migrations/0002_pk_migration.py) such that it covers Django versions before (`<`) 2.1 and later (`>=`) 2.1. Some information is written down in Issue #8. ### The `reset_password_token_created` signal is not fired You need to make sure that the code with `@receiver(reset_password_token_created)` is executed by the python interpreter. To ensure this, you have two options: 1. Put the code at a place that is automatically loaded by Django (e.g., models.py, views.py), or 2. Import the file that contains the signal within your app.py `ready` function: *some_app/signals.py* ```python from django.core.mail import EmailMultiAlternatives from django.dispatch import receiver from django.template.loader import render_to_string from django.urls import reverse from django_rest_passwordreset.signals import reset_password_token_created @receiver(reset_password_token_created) def password_reset_token_created(sender, instance, reset_password_token, *args, **kwargs): # ... ``` *some_app/app.py* ```python from django.apps import AppConfig class SomeAppConfig(AppConfig): name = 'your_django_project.some_app' verbose_name = 'Some App' def ready(self): import your_django_project.some_app.signals # noqa ``` *some_app/__init__.py* ```python default_app_config = 'your_django_project.some_app.SomeAppConfig' ``` ### MongoDB not working Apparently, the following piece of code in the Django Model prevents MongodB from working: ```python id = models.AutoField( primary_key=True ) ``` See issue #49 for details. ## Contributions This library tries to follow the unix philosophy of "do one thing and do it well" (which is providing a basic password reset endpoint for Django Rest Framework). Contributions are welcome in the form of pull requests and issues! If you create a pull request, please make sure that you are not introducing breaking changes. ## Tests See folder [tests/](tests/). Basically, all endpoints are covered with multiple unit tests. Use this code snippet to run tests: ```bash make install make test ```


نیازمندی

مقدار نام
=2. Django
- django-ninja-extra
- pyjwt[crypto]
- pydantic[email]
- black==21.12b0
=5.0.6,<6.0. isort
=3.8.3,<7.0. flake8
- click==8.0.4
- pytest
- pytest-django
- pytest-cov


زبان مورد نیاز

مقدار نام
>=3.7 Python


نحوه نصب


نصب پکیج whl django-ninja-passwordreset-1.2.4:

    pip install django-ninja-passwordreset-1.2.4.whl


نصب پکیج tar.gz django-ninja-passwordreset-1.2.4:

    pip install django-ninja-passwordreset-1.2.4.tar.gz