Painless djangorestframework TokenAuthentication.
Project description
drf-auth
Painless token authentication for django restframework. Built on top of rest_framework.auth_token. It's meant to provide a ready to use authentication for your SPAs and other Mobile Apps
Installation
pip install drf-restauth
Homepage
The project homepage on: Github
Usage
INSTALLED_APPS=[ 'rest_framework', 'rest_framework.authtoken', 'drf_auth' ]
Configure project urls.py:
Subsequent examples assume, you are using "/api/auth/ as the path prefix.
urlpatterns = [ path("api/auth/", include("drf_auth.urls")) ] # settings.py REST_FRAMEWORK = { 'DEFAULT_RENDERER_CLASSES': [ 'rest_framework.renderers.JSONRenderer', ], 'DEFAULT_AUTHENTICATION_CLASSES': [ 'rest_framework.authentication.TokenAuthentication' ], 'DEFAULT_PERMISSION_CLASSES': [ 'rest_framework.permissions.IsAuthenticated' ] } # drf-specific settings for password reset DRF_AUTH_SETTINGS = { "SITE_NAME": "My Site Title", "PASSWORD_RESET_REDIRCT_URL": "/", "PASSWORD_CHANGE_TEMPLATE": "drf_auth/password_change_form.html", "EMAIL_HOST_USER": "youremail@gmail.com", "EMAIL_HOST_PASSWORD": "yourpassword", "EMAIL_HOST": "smtp.gmail.com", "EMAIL_PORT": 587, }
These settings can be ignored if you don't plan to do password reset by email!
Endpoints:
/POST api/auth/register/
{ "username": "string", "password":"string", "email":"string", "first_name": "string", "last_name":"string" } response:{ "token": "string", "user":{ "username": "string", "password":"string", "email":"string", "first_name": "string", "last_name":"string" } }
/POST api/auth/login/
body: { "username": "string", "password":"string" } response:{ "token": "string", "user":{ "username": "string", "password":"string", "email":"string", "first_name": "string", "last_name":"string" } }
/POST api/auth/logout/
body: null
response:{
"success": true
}
/GET api/auth/user/ (Protected Route)
response: { "username": "string", "password":"string", "email":"string", "first_name": "string", "last_name":"string" }
GET /api/auth/users (Protected route, must be admin)
- Retrieves a json array of all users unpaginated
/api/auth/update-user/ (Protected route)
body:{ "email":"string", "first_name": "string", "last_name":"string" } response: { "username": "string", "password":"string", "email":"string", "first_name": "string", "last_name":"string" }
POST /api/auth/change-password/ (Protected route)
body:{ "old_password":"string", "new_password": "string", } response: { "username": "string", "password":"string", "email":"string", "first_name": "string", "last_name":"string" }
POST /api/auth/reset-password/
For restting forgotten passwords. An email will be sent using the settings provided in settings.DRF_AUTH_SETTINGS dictionary.
body:{ "email":"string", } status: 200 - OK(Email sent) status: 400 - Email not sent status: 500 - Internal server error response: { "message": "string" }
Handle user email confirmation
This route handles navigations/get requests when the user clicks the password reset link.
For a complete workflow, provide a template to render in DRF_AUTH_SETTINGS(see above) and make sure that the new password is POSTED to the same route.
The following variables are passed to you in the context for customization:
- user
- site_name
/POST /api/auth/reset_password_confirmation/<uidb64>/<token>/
Note that the token expires after 30 minutes after the email is sent
body: { "password": "string" }
Required Headers
- Authorization: Token xxxxxxxx (required for protected routes)
- Content-Type: application/json
- X-Requested-With: XMLHttpRequest (Desirable)
Practical examples using typescript
import axios from "axios"; // Add content-type header on every request axios.interceptors.request.use(function (config) { const token = localStorage.getItem("token"); if (token) { config.headers.Authorization = `Token ${token}`; } config.headers["Content-Type"] = "application/json"; return config; }); const handleLogin = async (username:string, password:string)=>{ const body = JSON.stringify({ username, password }); const res = await axios.post("/api/auth/login/", body); const {user, token} = res.data; localStorage.setItem("token", token); localStorage.setItem("user", JSON.stringify(user)); } interface User{ username:string, first_name:string, last_name:string, password:string, email:string } const handleRegister = async (user:User):Promise<User> =>{ const body = JSON.stringify(user); const res = await axios.post("/api/auth/login/", body); const {user, token} = res.data; localStorage.setItem("token", token); localStorage.setItem("user", JSON.stringify(user)); return user } type LogoutResponse = { success: boolean } const handleLogout = ():Promise<LogoutResponse>=>{ const res = await axios.post("/api/auth/logout/", null) return res.data } const getLoggedInUser = ():Promise<User>=>{ const res = await axios.get("/api/auth/user/") return res.data }
Submit an issue at Github
Feel free to add your voice but be gentle, this is my first open source Django package!
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.