{ "info": { "author": "gmf", "author_email": "gmflanagan@outlook.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Framework :: Django", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Programming Language :: Python :: 2", "Programming Language :: Python :: 3" ], "description": "\nmezzanine-invites\n=================\n\nA `Mezzanine`_ application that allows site registration via alphanumeric\ninvite codes. It is designed to enable a quick sign up process for invited\npotential site users.\n\nDevelopment - ``_\n\nRequirements\n------------\n\nHas been tested with **Django 1.7** and the latest **Mezzanine 3.1.*\ndevelopment branch (master)** using both **Python 2.7** and **Python 3.3**.\n\nMezzanine versions **3.1.10** and earlier may also work if you can ignore or\nworkaround `Issue 1114`_.\n\nUsage\n-----\n\nA site admin creates an Invite Code linked with at least the invitee's email\naddress and possibly also their full name and phone number. This code's key (a\nshort alphanumeric token) is sent to the invitee and, if they choose to use\nit, the first login with the code will create a new site user.\n\nAn Invite Code must be used to register within the number of days given by\nthe ``INVITE_CODE_USAGE_WINDOW`` setting (default 14 days), and once\nregistered, the code is valid for the number of days given by\n``INVITE_CODE_EXPIRY_DAYS`` (default 30 days).\n\nThe code is always of the form::\n\n \n\nFor example, **ABCXYZ123**. The default code length is 9 but this is\nconfigurable via the ``INVITE_CODE_LENGTH`` setting.\n\n\nThe ``send_invite`` view\n------------------------\n\nInclude ``invites.urls`` in your ``URL_CONF`` to get a staff-only view called\n``send-invite`` which will display a form with email, name and phone fields.\nClick **Send Invite** to send an email with the unique code to the recipient.\n\nThe ``invite`` management command\n---------------------------------\n\nCreate a code with the Django management command ``invite``::\n\n ./bin/django invite\n\nwhich will prompt for an email address for the invitee.\n\nYou can also specify the email as a paramter::\n\n ./bin/django invite --email=joe.soap@lux.com\n\nInvitation Codes are associated with a given ``Site``, so if there are multiple\nsites,then you need to specify which by domain name::\n\n ./bin/django invite --domain=example.com\n\nOnce created you will be asked if you want to send the invitation right away.\nIf you decline then the code will simply be printed out.\n\nEmail Backend\n-------------\n\nTo send emails, an appropriate email backend must be configured. See the\n`Django email docs`_ for more information.\n\n\nSettings\n--------\n\nThe ``INVITE_CODE_LENGTH`` setting determines the length of the invite code.\nIt ought to be an integer greater than or equal to 6 and less than or equal\nto 30.\n\nThe ``INVITE_CODE_USAGE_WINDOW`` setting determines how many days before an\nInvite Token must be used.\n\nOnce used to register with a site the ``INVITE_CODE_EXPIRY_DAYS`` setting\ndetermines how many days before the Invite Token becomes invalid as a login\ntoken.\n\nIn order for the invite code to be acceptable as a login token, add the\n``InviteAuthBackend`` to the list of ``AUTHENTICATION_BACKENDS`` in settings::\n\n AUTHENTICATION_BACKENDS = (\n \"mezzanine.core.auth_backends.MezzanineBackend\",\n \"invites.auth.InviteAuthBackend\",\n )\n\nYou can in fact just have ``InviteAuthBackend`` as the sole backend since it\nis a subclass of the ``MezzanineBackend`` and will fall back to the latter's \nauthentication::\n\n AUTHENTICATION_BACKENDS = (\n \"invites.auth.InviteAuthBackend\",\n )\n\nThe difference between the two setups is that if ``MezzanineBackend`` is\npicking up the standard username/password login then it won't authenticate the\n*first* use of an Invite Code or, obviously, create the newly-registered user,\nwhereas ``InviteAuthBackend`` will do both of those things.\n\nNote, however, that if you have ``mezzanine.accounts`` in your\n``INSTALLED_APPS`` setting, then ``MezzanineBackend`` will be added to the\nlist of backends anyway by the ``set_dynamic_settings`` call in your settings\nmodule.\n\n\nTemplates\n---------\n\nThe following templates are required.\n\n+ invites/send_invite.html\n+ invites/send_invite_email.txt\n+ invites/send_invite_email.html\n\nThere are further templates to handle the default login scenario - a login\npage that has two forms, one a standard **username/password/captcha** form,\nand the other a **quick login** form requiring only the invite code.\n\n+ accounts/account_form.html\n+ accounts/account_login.html\n\nDemo\n----\n\nTo create a demo project with a sqlite backend run::\n\n $ make demo\n\nThen create an invite code with an associated (not necessary valid) email::\n\n $ make invite email=luke@force.com\n\nCopy the six character Invite Code that is printed out.\n\nNext run a test server with::\n\n $ make serve\n\nand navigate to the login page. You should see two login forms - a standard\nusername/password/captcha form and another \"Quick\" form requiring only an\nInvite Code. \n\nYou should be able to login with either form.\n\n\nCaution\n-------\n\nThis is an inherently less secure means of authentication compared to\nthe regular username/password flow. The Invite Code Token gives immediate\nsite access and yet:\n\n + may have been sent in a plain text email\n + exists in the database in plain text form\n + does not require knowledge of the associated username\n + may not be very strong cryptographically\n\nThis inherent risk is mitigated by the ``INVITE_CODE_EXPIRY_DAYS`` setting.\nIn strict environments, both the ``INVITE_CODE_EXPIRY_DAYS`` and\n``INVITE_CODE_USAGE_WINDOW`` settings should be low numbers. Once expired, a\nuser will still be registered and active but will not be able to login until\nthey have set up their own password by the standard means, eg. via a\n**Forgotten Password** form.\n\nSetting ``INVITE_CODE_EXPIRY_DAYS`` to **0** will cause Invite Codes to be\neffectively \"one-shot\" tokens.\n\nTo expire a code that becomes invalid while that code's user is logged-in and\nhas an active session, a middleware component might be implemented to check\ncode expiry on each request and logout the user if necessary.\n\nSource and Issues\n-----------------\n\nSource is on `github`_.\n\n.. _github: https://github.com/averagehuman/mezzanine-invites\n.. _mezzanine: http://mezzanine.jupo.org\n.. _django email docs: https://docs.djangoproject.com/en/dev/topics/email/\n.. _issue 1114: https://github.com/stephenmcd/mezzanine/issues/1114\n\nTesting with tox/pytest\n~~~~~~~~~~~~~~~~~~~~~~~\n\nRun tests with::\n\n make test\n\nwhich is just an alias for::\n\n python setup.py test\n\n\n\n", "description_content_type": null, "docs_url": null, "download_url": "https://pypi.python.org/packages/source/m/mezzanine-invites/mezzanine-invites-0.2.3.tar.gz", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://pypi.python.org/pypi/mezzanine-invites", "keywords": null, "license": "MIT", "maintainer": null, "maintainer_email": null, "name": "mezzanine-invites", "package_url": "https://pypi.org/project/mezzanine-invites/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/mezzanine-invites/", "project_urls": { "Download": "https://pypi.python.org/packages/source/m/mezzanine-invites/mezzanine-invites-0.2.3.tar.gz", "Homepage": "https://pypi.python.org/pypi/mezzanine-invites" }, "release_url": "https://pypi.org/project/mezzanine-invites/0.2.3/", "requires_dist": null, "requires_python": null, "summary": "Authentication Backend for Mezzanine that allows site registration via alphanumeric invite codes.", "version": "0.2.3" }, "last_serial": 1240518, "releases": { "0.2.2": [ { "comment_text": "", "digests": { "md5": "6e3d924d4f93009b84c66a77876ae4a7", "sha256": "8730a4c1cb90649652b1acd11fdafb30775643d9d81b993419425aebb2c72568" }, "downloads": -1, "filename": "mezzanine-invites-0.2.2.tar.gz", "has_sig": false, "md5_digest": "6e3d924d4f93009b84c66a77876ae4a7", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 31137, "upload_time": "2014-09-27T21:00:55", "url": "https://files.pythonhosted.org/packages/7d/75/c5b3011527c6f1731a15accee29d6f99118a8529066ca67914f653e6e89e/mezzanine-invites-0.2.2.tar.gz" } ], "0.2.3": [ { "comment_text": "", "digests": { "md5": "088af61ad0e7e5156ee33552d605726f", "sha256": "a2d31fa57985bae4cb85be17b5c986060abb76d185515594bb47cc176aff2586" }, "downloads": -1, "filename": "mezzanine-invites-0.2.3.tar.gz", "has_sig": false, "md5_digest": "088af61ad0e7e5156ee33552d605726f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 34750, "upload_time": "2014-09-28T17:14:50", "url": "https://files.pythonhosted.org/packages/72/17/26a64f90bd74526e6e8d76462e2dcd4fc104253db0c66d1a7f08a212993a/mezzanine-invites-0.2.3.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "088af61ad0e7e5156ee33552d605726f", "sha256": "a2d31fa57985bae4cb85be17b5c986060abb76d185515594bb47cc176aff2586" }, "downloads": -1, "filename": "mezzanine-invites-0.2.3.tar.gz", "has_sig": false, "md5_digest": "088af61ad0e7e5156ee33552d605726f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 34750, "upload_time": "2014-09-28T17:14:50", "url": "https://files.pythonhosted.org/packages/72/17/26a64f90bd74526e6e8d76462e2dcd4fc104253db0c66d1a7f08a212993a/mezzanine-invites-0.2.3.tar.gz" } ] }