A reusable Django app that will invalidate all active sessions after change password.
Project description
Installation
Install a package.
$ pip install django-password-session
Add “password_session” to your INSTALLED_APPS setting:
INSTALLED_APPS = (
...
'password_session',
)
Add middleware:
MIDDLEWARE_CLASSES = (
...
'password_session.middleware.CheckPasswordHash',
),
Make sure that you have the following settings:
INSTALLED_APPS = (
...
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
)
AUTHENTICATION_BACKENDS = (
...
'django.contrib.auth.backends.ModelBackend',
)
MIDDLEWARE_CLASSES = (
...
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
)
To avoid logging out from a current session you should call the following signal directly after change password:
from password_session.signals import password_changed
password_changed.send(sender=user.__class__, user=user, request=request)
Example view
It’s a very simple view for change password just for demonstrating how to call the signal. In real situation this view should be more complicated.
from django.contrib.auth.decorators import login_required
from django.http import HttpResponse
from password_session.signals import password_changed
@login_required(login_url='/admin/')
def change_password_view(request):
user = request.user
user.set_password(request.POST.get('password'))
user.save()
password_changed.send(sender=user.__class__, user=user, request=request)
return HttpResponse("Hello, %s! Your password has been changed!" % user.username)
Settings
Default application settings can be overriden in settings.py:
PASSWORD_SESSION_PASSWORD_HASH_KEY = 'password_session_password_hash_key' # default key stored in session
PASSWORD_SESSION_PASSWORD_HASH_LENGTH = 4 # default key length
Requirements
Python 2.6+ or 3+
Django 1.3+
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Close
Hashes for django-password-session-0.2.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2fcb139e4f81e3e7c9a3b7817469455ecadd22819522d81ebcbf7c9de5d5b8d4 |
|
MD5 | c14514a7782c758069e0d016b3509f07 |
|
BLAKE2b-256 | 75fed5aaaf1f393385e8ba570292d29074e7c1e8b00e177143de8eea1bdb88ea |