Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

release 4.0 #168

Merged
merged 14 commits into from
Feb 10, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .isort.cfg
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
[settings]
combine_as_imports = true
default_section = THIRDPARTY
include_trailing_comma = true
known_first_party = knox
multi_line_output = 5
not_skip = __init__.py
181 changes: 75 additions & 106 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,153 +1,122 @@
3.6.0
=====
## 4.0.0

- The user serializer for each `LoginView`is now dynamic
**BREAKING** This is a major release version because it
breaks the existing API.
Changes have been made to the `create()` method on the `AuthToken` model.
It now returns the model instance and the raw `token` instead
of just the `token` to allow the `expiry` field to be included in the
success response.

Model field of `AuthToken` has been renamed from `expires` to `expiry`
to remain consistent across the code base. This patch requires you
to run a migration.

3.5.0
=====
Depending on your usage you might have to adjust your code
to fit these new changes.

- The context, token TTL and tokens per user settings in `LoginView` are now dynamic
- `AuthToken` model field has been changed from `expires` to `expiry`
- Successful login now always returns a `expiry` field for when the token expires

## 3.6.0

- The user serializer for each `LoginView`is now dynamic

3.4.0
=====
## 3.5.0

- The context, token TTL and tokens per user settings in `LoginView` are now dynamic

## 3.4.0
Our release cycle was broken since 3.1.5, hence you can not find the previous releases on pypi. We now fixed the problem.

- Adds optional token limit
- #129, #128 fixed
- \#129, \#128 fixed
- Changelog and Readme converted to markdown
- Auth header prefix is now configurable
- We ensure not to have flake8 errors in our code during our build
- MIN_REFRESH_INTERVAL is now a configurable setting

## 3.3.1
- Ensure compatibility with Django 2.1 up to Python 3.7

3.3.1
=====

- Ensure compatibility with Django 2.1 up to Python 3.7

3.3.0
=====
## 3.3.0

- **Breaking changes**: Successful authentication **ONLY** returns
`Token` object by default
now.`USER_SERIALIZER` must be overridden to return more
data.

- Introduce new setting `MIN_REFRESH_INTERVAL` to configure the time
interval (in seconds) to wait before a token is automatically refreshed.

3.2.1
=====

- Fix !111: Avoid knox failing if settings are not overwritten

3.2.0
=====

- Introduce new setting AUTO_REFRESH for controlling if token expiry
time should be extended automatically

3.1.5
=====

- Make AuthTokenAdmin more compatible with big user tables
- Extend docs regarding usage of Token Authentication as single
authentication method.
## 3.2.1
- Fix !111: Avoid knox failing if settings are not overwritten

3.1.4
=====
## 3.2.0
- Introduce new setting AUTO_REFRESH for controlling if token expiry time should be extended automatically

- Fix compability with django-rest-swagger (bad inheritance)
## 3.1.5
- Make AuthTokenAdmin more compatible with big user tables
- Extend docs regarding usage of Token Authentication as single authentication method.

3.1.3
=====
## 3.1.4
- Fix compability with django-rest-swagger (bad inheritance)

- Avoid 500 error response for invalid-length token requests
## 3.1.3
- Avoid 500 error response for invalid-length token requests

3.1.2
=====
## 3.1.2
- restore compability with Python <2.7.7

- restore compability with Python <2.7.7
## 3.1.1
- use hmac.compare_digest instead of == for comparing hashes for more security

3.1.1
=====
## 3.1.0
- drop Django 1.8 support as djangorestframework did so too in v.3.7.0
- build rest-knox on Django 1.11 and 2.0

- use hmac.compare_digest instead of == for comparing hashes for more
security
## 3.0.3
- drop using OpenSSL in favor of urandom

3.1.0
=====
## 3.0.2
- Add context to UserSerializer
- improve docs

- drop Django 1.8 support as djangorestframework did so too in v.3.7.0
- build rest-knox on Django 1.11 and 2.0
## 3.0.1
- improved docs and readme
- login response better supporting hyperlinked fields

3.0.3
=====
## 3.0.0
**Please be aware: updating to this version requires applying a database migration. All clients will need to reauthenticate.**

- drop using OpenSSL in favor of urandom
- Big performance fix: Introduction of token_key field to avoid having to compare a login request's token against each and every token in the database (issue #21)
- increased test coverage

3.0.2
=====
## 2.2.2
- Bugfix: invalid token length does no longer trigger a server error
- Extending documentation

- Add context to UserSerializer
- improve docs
## 2.2.1
**Please be aware: updating to his version requires applying a database migration**

3.0.1
=====

- improved docs and readme
- login response better supporting hyperlinked fields

3.0.3
=====

- drop using OpenSSL in favor of urandom

3.0.2
=====

- Add context to UserSerializer
- improve docs

3.0.1
=====

- improved docs and readme
- login response better supporting hyperlinked fields

3.0.0
=====

**Please be aware: updating to this version requires applying a database
migration. All clients will need to reauthenticate.**

- Big performance fix: Introduction of token_key field to avoid
having to compare a login request's token against each and every
token in the database (issue #21)
- increased test coverage

2.2.2
=====
- Introducing token_key to avoid loop over all tokens on login-requests
- Signals are sent on login/logout
- Test for invalid token length
- Cleanup in code and documentation

- Bugfix: invalid token length does no longer trigger a server error
- Extending documentation

2.2.1
=====
## 2.2.0

**Please be aware: updating to this version requires applying a database
migration**
- Change to support python 2.7

- Introducing token_key to avoid loop over all tokens on
login-requests
- Signals are sent on login/logout
- Test for invalid token length
- Cleanup in code and documentation
## 2.0.0
- Hashing of tokens on the server introduced.
- Updating to this version will clean the AuthToken table. In real terms, this
means all users will be forced to log in again.

2.2.0
=====
## 1.1.0
- `LoginView` changed to respect `DEFAULT_AUTHENTICATION_CLASSES`

- Change to support python 2.7
## 1.0.0
- Initial release
28 changes: 28 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,3 +50,31 @@ Django versions.

You could also simply run regular ``tox`` in the root folder as well, but that would make testing the matrix of
Python / Django versions a bit more tricky.

# Work on the documentation

Our documentation is generated by [Mkdocs](https://www.mkdocs.org).

You can refer to their documentation on how to install it locally.

Another option is to use `mkdocs.sh` in this repository.
It will run mkdocs in a [docker](https://www.docker.com/) container.

Running the script without any params triggers the `serve` command.
The server is exposed on localhost on port 8000.

To configure the port the `serve` command will be exposing the server to, you
can use the following env var:

```
MKDOCS_DEV_PORT="8080"
```

You can also pass any `mkdocs` command like this:

```
./mkdocs build
./mkdocs --help
```

Check the [Mkdocs documentation](https://www.mkdocs.org/) for more.
1 change: 1 addition & 0 deletions docs/changelog.md
92 changes: 0 additions & 92 deletions docs/changes.md

This file was deleted.

2 changes: 1 addition & 1 deletion docs/settings.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ REST_KNOX = {
'TOKEN_TTL': timedelta(hours=10),
'USER_SERIALIZER': 'knox.serializers.UserSerializer',
'TOKEN_LIMIT_PER_USER': None,
'AUTO_REFRESH': FALSE,
'AUTO_REFRESH': False,
}
#...snip...
```
Expand Down
2 changes: 2 additions & 0 deletions docs/views.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@ helper methods:
---
When the endpoint authenticates a request, a json object will be returned
containing the `token` key along with the actual value for the key by default.
The success response also includes a `expiry` key with a timestamp for when
the token expires.

> *This is because `USER_SERIALIZER` setting is `None` by default.*

Expand Down
1 change: 1 addition & 0 deletions knox/admin.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
from django.contrib import admin

from knox import models


Expand Down
Loading