{
"info": {
"author": "Lijo",
"author_email": "lijoev@gmail.com",
"bugtrack_url": null,
"classifiers": [
"Development Status :: 5 - Production/Stable",
"Environment :: Web Environment",
"Framework :: Django",
"Intended Audience :: Developers",
"License :: OSI Approved :: MIT License",
"Operating System :: OS Independent",
"Programming Language :: Python",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.6",
"Programming Language :: Python :: Implementation :: CPython",
"Programming Language :: Python :: Implementation :: PyPy",
"Topic :: Internet :: WWW/HTTP"
],
"description": "![ci-image]\n\ndjangopasswordlessknox is a quick way to integrate \u2018passwordless\u2019 auth into\nyour Django Rest Framework project using a user\u2019s email address or\nmobile number only (herein referred to as an alias).\n\nBuilt knox TokenAuthentication system, it sends the\nuser a 6-digit callback token to a given email address or a mobile\nnumber. The user sends it back correctly and they\u2019re given an\nauthentication token.\n\nCallback tokens by default expire after 15 minutes.\n\nExample Usage:\n==============\n\n```bash\ncurl -X POST -d \u201cemail=lijoev@example.com\u201d localhost:8000/auth/email/\n```\n\nEmail to lijoev@example.com:\n\n```\n...\nYour login token is 815381.
\n...\n```\n\nReturn Stage\n\n```bash\ncurl -X POST -d \"token=815381\" localhost:8000/callback/auth/\n\n> HTTP/1.0 200 OK\n> {\"token\":\"76be2d9ecfaf5fa4226d722bzdd8a4fff207ed0e\u201d}\n```\n\nRequirements\n============\n\n- Python (3.6+)\n- Django (2.0+)\n- Django Rest Framework + AuthToken (3.6+)\n- django-rest-knox (4.1.0)\n- Python-Twilio (Optional, for mobile.)\n\n\nInstall\n=======\n\n1. Install djangopasswordlessknox\n\n ```\n pipenv install djangopasswordlessknox\n ```\n\n2. Add Django Rest Framework\u2019s Token Authentication to your Django Rest\n Framework project.\n\n```python\n REST_FRAMEWORK = {\n 'DEFAULT_AUTHENTICATION_CLASSES':\n ('knox.auth.TokenAuthentication',\n )}\n\n INSTALLED_APPS = [\n ...\n 'rest_framework',\n 'knox',\n 'djangopasswordlessknox',\n ...\n ]\n REST_KNOX = {\n 'SECURE_HASH_ALGORITHM': 'cryptography.hazmat.primitives.hashes.SHA512',\n 'AUTH_TOKEN_CHARACTER_LENGTH': 64,\n 'TOKEN_TTL': timedelta(hours=10),\n 'USER_SERIALIZER': 'knox.serializers.UserSerializer',\n 'TOKEN_LIMIT_PER_USER': None,\n 'AUTO_REFRESH': False,\n # 'EXPIRY_DATETIME_FORMAT': api_settings.DATETME_FORMAT,\n}\n```\n\nAnd run\n```bash\npython manage.py migrate\n```\n\n3. Set which types of contact points are allowed for auth in your\n Settings.py. The available options are ``EMAIL`` and ``MOBILE``.\n\n```python\nPASSWORDLESS_AUTH = {\n ..\n 'PASSWORDLESS_AUTH_TYPES': ['EMAIL', 'MOBILE'],\n ..\n}\n```\n\n By default drfpasswordless looks for fields named ``email`` or ``mobile``\n on the User model. If an alias provided doesn\u2019t belong to any given user,\n a new user is created.\n\n 3a. If you\u2019re using ``email``, see the Configuring Email section\n below.\n\n 3b. If you\u2019re using ``mobile``, see the Configuring Email section\n below.\n\n4. Add ``knoxpasswordlessdrf.urls`` to your urls.py\n\n```python\n urlpatterns = [\n ..\n path('', include('djangopasswordlessknox.urls')),\n ..\n ]\n```\n\n5. You can now POST to either of the endpoints:\n\n```bash\ncurl -X POST -d \"email=lijoev@example.com\" localhost:8000/auth/email/\n\n// OR\n\ncurl -X POST -d \"mobile=+15552143912\" localhost:8000/auth/mobile/\n```\n A 6 digit callback token will be sent to the contact point.\n\n6. The client has 15 minutes to use the 6 digit callback token\n correctly. If successful, they get an authorization token in exchange\n which the client can then use with Django Rest Framework\u2019s\n TokenAuthentication scheme.\n\n```bash\ncurl -X POST -d \"token=815381\" localhost:8000/callback/auth/\n\n> HTTP/1.0 200 OK\n> {\"token\":\"76be2d9ecfaf5fa4226d722bzdd8a4fff207ed0e\u201d}\n```\n\nConfiguring Emails\n------------------\n\nSpecify the email address you\u2019d like to send the callback token from\nwith the ``PASSWORDLESS_EMAIL_NOREPLY_ADDRESS`` setting.\n\nYou\u2019ll also need to set up an SMTP server to send emails (`See Django\nDocs `__), but for\ndevelopment you can set up a dummy development smtp server to test\nemails. Sent emails will print to the console. `Read more\nhere. `__\n\n```python\n# Settings.py\n\u2026\nEMAIL_HOST = 'localhost'\nEMAIL_PORT = 1025\n```\n\nThen run the following:\n\n```bash\npython -m smtpd -n -c DebuggingServer localhost:1025\n```\n\nConfiguring Mobile\n------------------\n\nYou\u2019ll need to have the python twilio module installed\n\n```bash\npipenv install twilio\n```\n\nand set the ``TWILIO_ACCOUNT_SID`` and ``TWILIO_AUTH_TOKEN`` environment\nvariables.\n\nYou\u2019ll also need to specify the number you send the token from with the\n``PASSWORDLESS_MOBILE_NOREPLY_NUMBER`` setting.\n\nTemplates\n=========\n\nIf you\u2019d like to use a custom email template for your email callback\ntoken, specify your template name with this setting:\n\n```bash\nPASSWORDLESS_AUTH = {\n ...\n 'PASSWORDLESS_EMAIL_TOKEN_HTML_TEMPLATE_NAME': \"mytemplate.html\"\n}\n```\n\nThe template renders a single variable ``{{ callback_token }}`` which is\nthe 6 digit callback token being sent.\n\nContact Point Validation\n========================\n\nEndpoints can automatically mark themselves as validated when a user\nlogs in with a token sent to a specific endpoint. They can also\nautomatically mark themselves as invalid when a user changes a contact\npoint.\n\nThis is off by default but can be turned on with\n``PASSWORDLESS_USER_MARK_EMAIL_VERIFIED`` or\n``PASSWORDLESS_USER_MARK_MOBILE_VERIFIED``. By default when these are\nenabled they look for the User model fields ``email_verified`` or\n``mobile_verified``.\n\nYou can also use ``/validate/email/`` or ``/validate/mobile/`` which will\nautomatically send a token to the endpoint attached to the current\n``request.user``'s email or mobile if available.\n\nYou can then send that token to ``/callback/verify/`` which will double-check\nthat the endpoint belongs to the request.user and mark the alias as verified.\n\nRegistration\n============\n\nAll unrecognized emails and mobile numbers create new accounts by\ndefault. New accounts are automatically set with\n``set_unusable_password()`` but it\u2019s recommended that admins have some\ntype of password.\n\nThis can be turned off with the ``PASSWORDLESS_REGISTER_NEW_USERS``\nsetting.\n\nOther Settings\n==============\n\nHere\u2019s a full list of the configurable defaults.\n\n```python\nDEFAULTS = {\n\n # Allowed auth types, can be EMAIL, MOBILE, or both.\n 'PASSWORDLESS_AUTH_TYPES': ['EMAIL'],\n\n # Amount of time that tokens last, in seconds\n 'PASSWORDLESS_TOKEN_EXPIRE_TIME': 15 * 60,\n\n # The user's email field name\n 'PASSWORDLESS_USER_EMAIL_FIELD_NAME': 'email',\n\n # The user's mobile field name\n 'PASSWORDLESS_USER_MOBILE_FIELD_NAME': 'mobile',\n\n # Marks itself as verified the first time a user completes auth via token.\n # Automatically unmarks itself if email is changed.\n 'PASSWORDLESS_USER_MARK_EMAIL_VERIFIED': False,\n 'PASSWORDLESS_USER_EMAIL_VERIFIED_FIELD_NAME': 'email_verified',\n\n # Marks itself as verified the first time a user completes auth via token.\n # Automatically unmarks itself if mobile number is changed.\n 'PASSWORDLESS_USER_MARK_MOBILE_VERIFIED': False,\n 'PASSWORDLESS_USER_MOBILE_VERIFIED_FIELD_NAME': 'mobile_verified',\n\n # The email the callback token is sent from\n 'PASSWORDLESS_EMAIL_NOREPLY_ADDRESS': None,\n\n # The email subject\n 'PASSWORDLESS_EMAIL_SUBJECT': \"Your Login Token\",\n\n # A plaintext email message overridden by the html message. Takes one string.\n 'PASSWORDLESS_EMAIL_PLAINTEXT_MESSAGE': \"Enter this token to sign in: %s\",\n\n # The email template name.\n 'PASSWORDLESS_EMAIL_TOKEN_HTML_TEMPLATE_NAME': \"passwordless_default_token_email.html\",\n\n # Your twilio number that sends the callback tokens.\n 'PASSWORDLESS_MOBILE_NOREPLY_NUMBER': None,\n\n # The message sent to mobile users logging in. Takes one string.\n 'PASSWORDLESS_MOBILE_MESSAGE': \"Use this code to log in: %s\",\n\n # Registers previously unseen aliases as new users.\n 'PASSWORDLESS_REGISTER_NEW_USERS': True,\n\n # Suppresses actual SMS for testing\n 'PASSWORDLESS_TEST_SUPPRESSION': False,\n\n # Context Processors for Email Template\n 'PASSWORDLESS_CONTEXT_PROCESSORS': [],\n\n # The verification email subject\n 'PASSWORDLESS_EMAIL_VERIFICATION_SUBJECT': \"Your Verification Token\",\n\n # A plaintext verification email message overridden by the html message. Takes one string.\n 'PASSWORDLESS_EMAIL_VERIFICATION_PLAINTEXT_MESSAGE': \"Enter this verification code: %s\",\n\n # The verification email template name.\n 'PASSWORDLESS_EMAIL_VERIFICATION_TOKEN_HTML_TEMPLATE_NAME': \"passwordless_default_verification_token_email.html\",\n\n # The message sent to mobile users logging in. Takes one string.\n 'PASSWORDLESS_MOBILE_VERIFICATION_MESSAGE': \"Enter this verification code: %s\",\n\n # Automatically send verification email or sms when a user changes their alias.\n 'PASSWORDLESS_AUTO_SEND_VERIFICATION_TOKEN': False,\n}\n```\n\nTo Do\n----\n\n- github.io project page\n- Add MkDocs - http://www.mkdocs.org/\n- Support non-US mobile numbers\n- Custom URLs\n- Change bad settings to 500's\n\nPull requests are encouraged!\n\nLicense\n-------\n\nThe MIT License (MIT)\n\nCopyright (c) 2018 Lijo \n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n[ci-image]: https://travis-ci.org/aaronn/django-rest-framework-passwordless.svg?branch=master",
"description_content_type": "text/markdown",
"docs_url": null,
"download_url": "",
"downloads": {
"last_day": -1,
"last_month": -1,
"last_week": -1
},
"home_page": "https://github.com/lijoev/django-rest-framework-passwordless-knox",
"keywords": "",
"license": "MIT",
"maintainer": "",
"maintainer_email": "",
"name": "djangopasswordlessknox",
"package_url": "https://pypi.org/project/djangopasswordlessknox/",
"platform": "",
"project_url": "https://pypi.org/project/djangopasswordlessknox/",
"project_urls": {
"Homepage": "https://github.com/lijoev/django-rest-framework-passwordless-knox"
},
"release_url": "https://pypi.org/project/djangopasswordlessknox/1.4.0/",
"requires_dist": null,
"requires_python": ">=3",
"summary": "Passwordless auth for Django Rest Framework Knox Token Authentication.",
"version": "1.4.0"
},
"last_serial": 5959750,
"releases": {
"1.3.9": [
{
"comment_text": "",
"digests": {
"md5": "7c317455a4902864382fe03d8a4e9107",
"sha256": "52f9e3e59748ba7f62c950ec2d882674f2e7b9721a56728ba67efe093c45fb76"
},
"downloads": -1,
"filename": "djangopasswordlessknox-1.3.9.tar.gz",
"has_sig": false,
"md5_digest": "7c317455a4902864382fe03d8a4e9107",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3",
"size": 20581,
"upload_time": "2019-10-09T12:44:49",
"url": "https://files.pythonhosted.org/packages/e0/de/b2eea263b82466dd9f4b2170acddf926232e9b82f03a7a6f7934f93cc86c/djangopasswordlessknox-1.3.9.tar.gz"
}
],
"1.4.0": [
{
"comment_text": "",
"digests": {
"md5": "df42729bf20454bc16f70512c8b7a168",
"sha256": "cb6e47faaee1b57f6e52b0bd3998cb5210548b87c80133ea80e291489c79a40b"
},
"downloads": -1,
"filename": "djangopasswordlessknox-1.4.0.tar.gz",
"has_sig": false,
"md5_digest": "df42729bf20454bc16f70512c8b7a168",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3",
"size": 20591,
"upload_time": "2019-10-11T10:52:37",
"url": "https://files.pythonhosted.org/packages/a0/d0/2d032c89ffa9005c33941523d33cb8f8207796d24b2507bc2bf6dba6da48/djangopasswordlessknox-1.4.0.tar.gz"
}
]
},
"urls": [
{
"comment_text": "",
"digests": {
"md5": "df42729bf20454bc16f70512c8b7a168",
"sha256": "cb6e47faaee1b57f6e52b0bd3998cb5210548b87c80133ea80e291489c79a40b"
},
"downloads": -1,
"filename": "djangopasswordlessknox-1.4.0.tar.gz",
"has_sig": false,
"md5_digest": "df42729bf20454bc16f70512c8b7a168",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3",
"size": 20591,
"upload_time": "2019-10-11T10:52:37",
"url": "https://files.pythonhosted.org/packages/a0/d0/2d032c89ffa9005c33941523d33cb8f8207796d24b2507bc2bf6dba6da48/djangopasswordlessknox-1.4.0.tar.gz"
}
]
}