PyUp Safety actively tracks 262,699 Python packages for vulnerabilities and notifies you when to upgrade.
- Expiry format now defaults to whatever is used Django REST framework - The behavior can be overriden via EXPIRY_DATETIME_FORMAT setting - Fully customizable expiry format via format_expiry_datetime - Fully customizable response payload via get_post_response_data
- Fix for tox config to build Django 2.2 on python 3.6
**BREAKING** This is a major release version because it breaks the existing API. Changes have been made to the `create()` method on the `AuthToken` model. It now returns the model instance and the raw `token` instead of just the `token` to allow the `expiry` field to be included in the success response. Model field of `AuthToken` has been renamed from `expires` to `expiry` to remain consistent across the code base. This patch requires you to run a migration. Depending on your usage you might have to adjust your code to fit these new changes. - `AuthToken` model field has been changed from `expires` to `expiry` - Successful login now always returns a `expiry` field for when the token expires
- The user serializer for each `LoginView`is now dynamic
- The context, token TTL and tokens per user settings in `LoginView` are now dynamic
Our release cycle was broken since 3.1.5, hence you can not find the previous releases on pypi. We now fixed the problem. - Adds optional token limit - \129, \128 fixed - Changelog and Readme converted to markdown - Auth header prefix is now configurable - We ensure not to have flake8 errors in our code during our build - MIN_REFRESH_INTERVAL is now a configurable setting
- Ensure compatibility with Django 2.1 up to Python 3.7
- **Breaking changes**: Successful authentication **ONLY** returns `Token` object by default now.`USER_SERIALIZER` must be overridden to return more data. - Introduce new setting `MIN_REFRESH_INTERVAL` to configure the time interval (in seconds) to wait before a token is automatically refreshed.
- Fix !111: Avoid knox failing if settings are not overwritten
- Introduce new setting AUTO_REFRESH for controlling if token expiry time should be extended automatically
- Make AuthTokenAdmin more compatible with big user tables - Extend docs regarding usage of Token Authentication as single authentication method.
- Fix compability with django-rest-swagger (bad inheritance)
- Avoid 500 error response for invalid-length token requests
- restore compability with Python <2.7.7
- use hmac.compare_digest instead of == for comparing hashes for more security
- drop Django 1.8 support as djangorestframework did so too in v.3.7.0 - build rest-knox on Django 1.11 and 2.0
- drop using OpenSSL in favor of urandom
- Add context to UserSerializer - improve docs
- improved docs and readme - login response better supporting hyperlinked fields
**Please be aware: updating to this version requires applying a database migration. All clients will need to reauthenticate.** - Big performance fix: Introduction of token_key field to avoid having to compare a login request's token against each and every token in the database (issue 21) - increased test coverage
- Bugfix: invalid token length does no longer trigger a server error - Extending documentation
**Please be aware: updating to his version requires applying a database migration** - Introducing token_key to avoid loop over all tokens on login-requests - Signals are sent on login/logout - Test for invalid token length - Cleanup in code and documentation - Bugfix: invalid token length does no longer trigger a server error - Extending documentation
- Change to support python 2.7
- Hashing of tokens on the server introduced. - Updating to this version will clean the AuthToken table. In real terms, this means all users will be forced to log in again.
- `LoginView` changed to respect `DEFAULT_AUTHENTICATION_CLASSES`
- Initial release