Changelogs » Django-rest-knox




- Expiry format now defaults to whatever is used by Django REST framework
  - The behavior can be overridden via the EXPIRY_DATETIME_FORMAT setting
  - Fully customizable expiry format via format_expiry_datetime
  - Fully customizable response payload via get_post_response_data


- Fix for tox config to build Django 2.2 on python 3.6


**BREAKING** This is a major release version because it
  breaks the existing API.
  Changes have been made to the `create()` method on the `AuthToken` model.
  It now returns the model instance and the raw `token` instead
  of just the `token` to allow the `expiry` field to be included in the
  success response.
  Model field of `AuthToken` has been renamed from `expires` to `expiry`
  to remain consistent across the code base. This patch requires you
  to run a migration.
  Depending on your usage you might have to adjust your code
  to fit these new changes.
  - `AuthToken` model field has been changed from `expires` to `expiry`
  - Successful login now always returns an `expiry` field for when the token expires


- The user serializer for each `LoginView` is now dynamic


- The context, token TTL and tokens per user settings in `LoginView` are now dynamic


Our release cycle was broken since 3.1.5, hence you cannot find the previous releases on PyPI. We have now fixed the problem.
  - Adds optional token limit
  - #129, #128 fixed
  - Changelog and Readme converted to markdown
  - Auth header prefix is now configurable
  - We ensure not to have flake8 errors in our code during our build
  - MIN_REFRESH_INTERVAL is now a configurable setting


- Ensure compatibility with Django 2.1 up to Python 3.7


-   **Breaking changes**: Successful authentication **ONLY** returns a
  `Token` object by default now.
  `USER_SERIALIZER` must be overridden to return more
  -   Introduce new setting `MIN_REFRESH_INTERVAL` to configure the time
  interval (in seconds) to wait before a token is automatically refreshed.


- Fix !111: Avoid knox failing if settings are not overwritten


- Introduce new setting AUTO_REFRESH for controlling if token expiry time should be extended automatically


- Make AuthTokenAdmin more compatible with big user tables
  - Extend docs regarding usage of Token Authentication as single authentication method.


- Fix compatibility with django-rest-swagger (bad inheritance)


- Avoid 500 error response for invalid-length token requests


- restore compatibility with Python <2.7.7


- use hmac.compare_digest instead of == for comparing hashes for more security


- drop Django 1.8 support as djangorestframework did so too in v.3.7.0
  - build rest-knox on Django 1.11 and 2.0


- drop using OpenSSL in favor of urandom


- Add context to UserSerializer
  - improve docs


- improved docs and readme
  - login response better supporting hyperlinked fields


**Please be aware: updating to this version requires applying a database migration. All clients will need to reauthenticate.**
  - Big performance fix: Introduction of token_key field to avoid having to compare a login request's token against each and every token in the database (issue 21)
  - increased test coverage


- Bugfix: invalid token length no longer triggers a server error
  - Extending documentation


**Please be aware: updating to this version requires applying a database migration**
  - Introducing token_key to avoid loop over all tokens on login-requests
  - Signals are sent on login/logout
  - Test for invalid token length
  - Cleanup in code and documentation
  -   Bugfix: invalid token length no longer triggers a server error
  -   Extending documentation


-   Change to support python 2.7


-   Hashing of tokens on the server introduced.
  -   Updating to this version will clean the AuthToken table. In real terms, this
  means all users will be forced to log in again.


-   `LoginView` changed to respect `DEFAULT_AUTHENTICATION_CLASSES`


-   Initial release