
Painless djangorestframework TokenAuthentication.

Project description

drf-auth

Painless token authentication for Django REST framework, built on top of rest_framework.authtoken. It is meant to provide ready-to-use authentication for your SPAs and mobile apps.


Installation

pip install drf-restauth

Homepage

The project homepage is on GitHub.

Usage

INSTALLED_APPS=[
    'rest_framework',
    'rest_framework.authtoken',
    'drf_auth'
]

Configure project urls.py:

Subsequent examples assume you are using "/api/auth/" as the path prefix.

from django.urls import include, path

urlpatterns = [
    path("api/auth/", include("drf_auth.urls"))
]

# settings.py

REST_FRAMEWORK = {
    'DEFAULT_RENDERER_CLASSES': [
        'rest_framework.renderers.JSONRenderer',
    ],
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication'
    ],
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated'
    ]
}

# drf-specific settings for password reset

DRF_AUTH_SETTINGS = {
    "SITE_NAME": "My Site Title",
    "PASSWORD_RESET_REDIRCT_URL": "/",
    "PASSWORD_CHANGE_TEMPLATE": "drf_auth/password_change_form.html",
    "EMAIL_HOST_USER": "youremail@gmail.com",
    "EMAIL_HOST_PASSWORD": "yourpassword",
    "EMAIL_HOST": "smtp.gmail.com",
    "EMAIL_PORT": 587,
}

These settings can be ignored if you don't plan to do password reset by email!
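
Added example, not part of the drf-auth project: the DRF_AUTH_SETTINGS block above keeps the SMTP password in settings.py, where it tends to end up in version control. For projects that do use password reset by email, this builds the same dictionary from environment variables and fails at start-up if the credentials are missing. The helper name load_drf_auth_settings and the DRF_AUTH_EMAIL_* variable names are assumptions.

```python
import os


def load_drf_auth_settings(env=os.environ):
    """Build DRF_AUTH_SETTINGS without hard-coding SMTP credentials."""
    required = ("DRF_AUTH_EMAIL_USER", "DRF_AUTH_EMAIL_PASSWORD")  # assumed names
    missing = [name for name in required if not env.get(name)]
    if missing:
        # Fail at start-up rather than at the first password-reset request.
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    return {
        "SITE_NAME": "My Site Title",
        "PASSWORD_RESET_REDIRCT_URL": "/",
        "PASSWORD_CHANGE_TEMPLATE": "drf_auth/password_change_form.html",
        "EMAIL_HOST_USER": env["DRF_AUTH_EMAIL_USER"],
        "EMAIL_HOST_PASSWORD": env["DRF_AUTH_EMAIL_PASSWORD"],
        "EMAIL_HOST": env.get("DRF_AUTH_EMAIL_HOST", "smtp.gmail.com"),
        "EMAIL_PORT": int(env.get("DRF_AUTH_EMAIL_PORT", "587")),
    }


# In settings.py:
#     DRF_AUTH_SETTINGS = load_drf_auth_settings()
```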

Endpoints:

  1. POST /api/auth/register/
body:
{
    "username": "string",
    "password":"string",
    "email":"string",
    "first_name": "string",
    "last_name":"string"
}

response:{
    "token": "string",
    "user":{
        "username": "string",
        "password":"string",
        "email":"string",
        "first_name": "string",
        "last_name":"string"
    }
}
  1. POST /api/auth/login/
body:
{
    "username": "string",
    "password":"string"
}

response:{
    "token": "string",
    "user":{
        "username": "string",
        "password":"string",
        "email":"string",
        "first_name": "string",
        "last_name":"string"
    }
}
  1. POST /api/auth/logout/
body: null
response:{
    "success": true
}
  1. GET /api/auth/user/ (Protected route)
response:
{
    "username": "string",
    "password":"string",
    "email":"string",
    "first_name": "string",
    "last_name":"string"
}
  1. GET /api/auth/users (Protected route, must be admin)
  • Retrieves an unpaginated JSON array of all users.
  1. /api/auth/update-user/ (Protected route)
body:{
    "email":"string",
    "first_name": "string",
    "last_name":"string"
}

response:
{
    "username": "string",
    "password":"string",
    "email":"string",
    "first_name": "string",
    "last_name":"string"
}
  1. POST /api/auth/change-password/ (Protected route)
body:{
    "old_password":"string",
    "new_password": "string"
}

response:
{
    "username": "string",
    "password":"string",
    "email":"string",
    "first_name": "string",
    "last_name":"string"
}
  1. POST /api/auth/reset-password/

For resetting forgotten passwords. An email will be sent using the settings provided in the settings.DRF_AUTH_SETTINGS dictionary.

body:{
    "email":"string"
}

status: 200 - OK (Email sent)
status: 400 - Email not sent
status: 500 - Internal server error

response:
{
    "message": "string"
}

Handle user email confirmation

  1. 
    

This route handles navigation (GET) requests made when the user clicks the password reset link.

For a complete workflow, provide a template to render in DRF_AUTH_SETTINGS (see above) and make sure that the new password is POSTed to the same route.

The following variables are passed to you in the context for customization:

  • user
  • site_name
  1. POST /api/auth/reset_password_confirmation/<uidb64>/<token>/

Note that the token expires 30 minutes after the email is sent.

body:
{
    "password": "string"
}
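
Added example, not drf-auth's code (the page does not show how the package builds its token): a standard-library sketch of how a reset link of the shape /<uidb64>/<token>/ can carry a 30-minute expiry and become invalid as soon as the password changes. The function names, the secret and the stored password hashes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

RESET_TIMEOUT = 30 * 60  # seconds: the 30-minute lifetime stated above


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _mac(secret: bytes, uid: str, pw_hash: str, ts: int) -> str:
    # Covering the current password hash makes the link single-use:
    # once the password changes, the old token stops verifying.
    msg = json.dumps([uid, pw_hash, ts]).encode()
    return _b64(hmac.new(secret, msg, hashlib.sha256).digest())


def make_reset_path(secret, uid, pw_hash, now=None):
    ts = int(time.time() if now is None else now)
    token = f"{ts:x}-{_mac(secret, uid, pw_hash, ts)}"
    return f"/api/auth/reset_password_confirmation/{_b64(uid.encode())}/{token}/"


def check_reset_path(secret, path, get_pw_hash, now=None):
    """Return the uid when the link is authentic and unexpired, else None."""
    now = int(time.time() if now is None else now)
    try:
        uidb64, token = path.strip("/").split("/")[-2:]
        uid = base64.urlsafe_b64decode(uidb64 + "=" * (-len(uidb64) % 4)).decode()
        ts_hex, mac = token.split("-", 1)
        ts, mac_bytes = int(ts_hex, 16), mac.encode()
    except ValueError:  # malformed path, base64, UTF-8 or timestamp
        return None
    pw_hash = get_pw_hash(uid)
    if pw_hash is None:  # unknown user
        return None
    expected = _mac(secret, uid, pw_hash, ts).encode()
    if not hmac.compare_digest(mac_bytes, expected):  # constant-time compare
        return None
    if not 0 <= now - ts <= RESET_TIMEOUT:  # expired or dated in the future
        return None
    return uid
```

The expiry check runs only after the MAC verifies, so the timestamp in the token cannot be edited to extend the link's lifetime.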

Required Headers

  • Authorization: Token xxxxxxxx (required for protected routes)
  • Content-Type: application/json
  • X-Requested-With: XMLHttpRequest (Desirable)

Practical examples using TypeScript

import axios from "axios";

// Attach the auth token (when present) and a JSON content type to every request.
// Note: localStorage is readable by any script running on the page,
// so an XSS bug exposes the token.
axios.interceptors.request.use(function (config) {
  const token = localStorage.getItem("token");

  if (token) {
    config.headers.Authorization = `Token ${token}`;
  }

  config.headers["Content-Type"] = "application/json";
  return config;
});

const handleLogin = async (username:string, password:string)=>{
    const body = JSON.stringify({
        username,
        password
    });

    const res = await axios.post("/api/auth/login/", body);
    const {user, token} = res.data;

    localStorage.setItem("token", token);
    localStorage.setItem("user", JSON.stringify(user));
}

interface User{
    username:string,
    first_name:string,
    last_name:string,
    password:string,
    email:string
}

const handleRegister = async (newUser:User):Promise<User> =>{
    const body = JSON.stringify(newUser);

    // Registration has its own endpoint; it returns the created user and a token.
    const res = await axios.post("/api/auth/register/", body);
    const {user, token} = res.data;

    localStorage.setItem("token", token);
    localStorage.setItem("user", JSON.stringify(user));
    return user
}

type LogoutResponse = {
    success: boolean
}

const handleLogout = async ():Promise<LogoutResponse>=>{
    const res = await axios.post("/api/auth/logout/", null)

    // Drop the stored credentials so later requests do not send a stale token.
    localStorage.removeItem("token");
    localStorage.removeItem("user");
    return res.data
}

const getLoggedInUser = async ():Promise<User>=>{
    const res = await axios.get("/api/auth/user/")
    return res.data
}

Submit an issue at GitHub

Feel free to add your voice but be gentle, this is my first open source Django package!


Source Distribution

drf-restauth-0.1.4.tar.gz (11.5 kB)


File hashes

Hashes for drf-restauth-0.1.4.tar.gz
Algorithm Hash digest
SHA256 810882fcccb0f89d0b91366078de4017d4918dd28dd028ed9cc89407106d27d0
MD5 a9946f35ffb11f6963cf14bd5e6cb658
BLAKE2b-256 876e1d7335dca5c516668f4b4963c17e39f258ef1684b3fe5f080016d0c10564
