Get inside your stronghold and make all your Django views default login_required

Stronghold

Stronghold is a very small, easy-to-use Django app that makes every view in your Django project require login by default.

WARNING: still in development, so some of the DEFAULTS and such will be changing without notice.

Installation

Install via pip.

pip install django-stronghold

Add stronghold to your INSTALLED_APPS in your Django settings file

INSTALLED_APPS = (
    #...
    'stronghold',
)

Then add the stronghold middleware to your MIDDLEWARE_CLASSES in your Django settings file

MIDDLEWARE_CLASSES = (
    #...
    'stronghold.middleware.LoginRequiredMiddleware',
)

Usage

If you followed the installation instructions, all your views now require a login by default. To make a view public again, use the public decorator provided in stronghold.decorators, like so:

For function based views

from django.http import HttpResponse
from stronghold.decorators import public


@public
def someview(request):
    # do some work
    return HttpResponse("This view is public")

For class based views (decorator)

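from django.http import HttpResponse
from django.utils.decorators import method_decorator
from django.views.generic import View
from stronghold.decorators import public


class SomeView(View):
    def get(self, request, *args, **kwargs):
        # some view logic
        return HttpResponse("This view is public")

    # Decorating dispatch makes every HTTP method of this view public
    @method_decorator(public)
    def dispatch(self, *args, **kwargs):
        return super(SomeView, self).dispatch(*args, **kwargs)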

For class based views (mixin)

from django.views.generic import View
from stronghold.views import StrongholdPublicMixin


class SomeView(StrongholdPublicMixin, View):
    pass

Configuration (optional)

STRONGHOLD_DEFAULTS

Use Stronghold's defaults in addition to your own settings.

Default:

STRONGHOLD_DEFAULTS = True

STRONGHOLD_PUBLIC_URLS

You can add a tuple of URL regexes in your settings file with the STRONGHOLD_PUBLIC_URLS setting. Any URL that matches one of these patterns will be made public without using the @public decorator.

Default:

STRONGHOLD_PUBLIC_URLS = ()

If STRONGHOLD_DEFAULTS is True and settings.DEBUG is True, STRONGHOLD_PUBLIC_URLS also contains:

(
    r'^%s.+$' % settings.STATIC_URL,
    r'^%s.+$' % settings.MEDIA_URL,
)

This is additive to your settings, to support serving static files and media files from the development server. It does not replace any settings you may have in STRONGHOLD_PUBLIC_URLS.

Note: Public URL regexes are matched against HttpRequest.path_info.
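
Because every pattern in STRONGHOLD_PUBLIC_URLS removes the login requirement for whatever it matches, it is worth checking the tuple against paths that must stay protected and paths that must stay reachable (such as a custom login page). The following is an added example, not Stronghold's own code: it assumes patterns are applied to path_info with re.match, and the pattern lists, paths and function names are constructed for illustration.

```python
import re


def is_public(path_info, public_patterns):
    """Model of the public-URL check.

    Assumption: each pattern is applied with re.match, i.e. anchored at the
    start of path_info only. This is not Stronghold's code.
    """
    return any(re.match(p, path_info) for p in public_patterns)


def audit_public_urls(public_patterns, must_be_public, must_be_protected):
    """Return (exposed, blocked) for a candidate STRONGHOLD_PUBLIC_URLS tuple.

    exposed: {path: [patterns]} for protected paths that a public pattern
             lets through without login.
    blocked: paths that must be reachable anonymously but match no pattern.
             A login page in this list is what produces the endless
             /login/?next=/login/... redirect.
    """
    exposed = {}
    for path in must_be_protected:
        hits = [p for p in public_patterns if re.match(p, path)]
        if hits:
            exposed[path] = hits
    blocked = [p for p in must_be_public if not is_public(p, public_patterns)]
    return exposed, blocked


# Constructed sample settings (hypothetical project layout).
LOOSE = (
    r'^/api',           # no trailing boundary: also matches /api-internal/...
    r'/health',         # prefix match: also matches /healthcheck-admin/
    r'^/static/.+$',
)
TIGHT = (
    r'^/api/v1/status/$',
    r'^/health/$',
    r'^/static/.+$',
    r'^/login/$',       # custom login page must be public
)

# Constructed sample paths.
MUST_BE_PUBLIC = ['/login/', '/health/', '/static/app.css']
MUST_BE_PROTECTED = [
    '/api-internal/users/',
    '/api/v1/orders/',
    '/inventory/',
    '/healthcheck-admin/',
]

if __name__ == '__main__':
    for name, patterns in (('LOOSE', LOOSE), ('TIGHT', TIGHT)):
        exposed, blocked = audit_public_urls(
            patterns, MUST_BE_PUBLIC, MUST_BE_PROTECTED)
        print(name)
        for path, hits in sorted(exposed.items()):
            print('  exposed without login: %s via %s' % (path, hits))
        for path in blocked:
            print('  not public (redirect loop risk): %s' % path)
```

Running a check like this in the project's test suite catches a pattern that is widened later without anyone noticing.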

STRONGHOLD_PUBLIC_NAMED_URLS

You can add a tuple of url names in your settings file with the STRONGHOLD_PUBLIC_NAMED_URLS setting. Names in this setting will be reversed using django.core.urlresolvers.reverse and any url matching the output of the reverse call will be made public without using the @public decorator:

Default:

STRONGHOLD_PUBLIC_NAMED_URLS = ()

If STRONGHOLD_DEFAULTS is True, we additionally check for django.contrib.auth; if it is installed, the login and logout view names are added to STRONGHOLD_PUBLIC_NAMED_URLS.

STRONGHOLD_USER_TEST_FUNC

Optionally, set STRONGHOLD_USER_TEST_FUNC to a callable to limit access to users that pass a custom test. The callback receives a User object and should return True if the user is authorized. This is equivalent to decorating a view with user_passes_test.

Example:

STRONGHOLD_USER_TEST_FUNC = lambda user: user.is_staff

Default:

STRONGHOLD_USER_TEST_FUNC = lambda user: user.is_authenticated

Compatibility

Tested with:

  • Django 1.8.x
  • Django 1.9.x
  • Django 1.10.x
  • Django 1.11.x
  • Django 2.0.x
  • Django 2.1.x
  • Django 2.2.x

Contribute

See CONTRIBUTING.md

Comments
  • Add Django 2.1 compatibility

    The test suite is failing with Django 2.1, as it seems that set_view_func_public may now receive the dispatch method itself in parameter. I tracked this issue to this Django commit: https://github.com/django/django/commit/fdc936c9130cf4fb5d59869674b9a31cc79a7999

    opened by claudep 12
  • Support Django 1.7 and Python 3

    • Add python3 testing to makefile.
    • Advertise python 3 and 3.4 in classifiers.
    • Advertise Django 1.7 support in README.
    • Rename test modules to start with 'test' for better consistency with unittest module and new Django test runner.
    • Explicitly set TEST_RUNNER in test_project settings to avoid Django from throwing a warning.
    • Fix test_project/urls.py to work with absence of relative imports in python3.
    opened by SunilMohanAdapa 9
  • Support using Django 1.10 new style middleware

    Add support for new style middleware introduced in Django 1.10. Support for old style middleware will be dropped from Django in the future. Any application using stronghold can't move to using new style middleware until stronghold supports new style middleware.

    Altering existing code to support new style and old style middleware is as simple as adding a mixin to the existing middleware class.

    opened by SunilMohanAdapa 8
  • Fix for Django 2.1 decorators

    This is a semi-hacky way to make django-stronghold work on Django 2.1

    Additionally, added a couple views to the test project to make it easier to test the different methods of declaring a public view.

    opened by cw0102 5
  • Python3 tag on PyPi

    Would it be possible to add to PyPi entry that django-stronghold is Python 3 compatible? I am getting a false negative when I use the caniusepython3 (https://pypi.python.org/pypi/caniusepython3) program.

    Thanks.

    opened by aklaver 5
  • Please make a release with Django 2.0 support

    Although Django 2.0 support has been added, there is no release yet with this support. We wish to make a Debian package with Django 2.0 support as Django 2.0 is about to be released soon into Debian. FreedomBox project especially needs this in time.

    Please consider making a new release of stronghold as soon as you can.

    opened by SunilMohanAdapa 4
  • 'LoginRequiredMiddleware' object is not callable

    I keep getting error TypeError: 'LoginRequiredMiddleware' object is not callable. I'm using django 1.10 and using master branch.

    any reason why this is happening? thanks

    opened by whaleforever 4
  • ImproperlyConfigured: The included urlconf <app>.urls doesn't have any patterns in it

    Hola, I'm getting the above as an error. I've fleshed out the relative conf and py files on SO: http://stackoverflow.com/questions/20963856/improperlyconfigured-the-included-urlconf-project-urls-doesnt-have-any-patte

    From the Apache2 error log, it looks like it's got something to do with Stronghold?

    I tried deleting /.virtualenvs/erp-dev/lib/python2.7/site-packages/stronghold/conf.pyc and then replaced reverse with reverse_lazy in conf.py but that didn't work.

    Any idea what might be going wrong?

     mod_wsgi (pid=25007): Exception occurred processing WSGI script '/home/erp/www/dev/erp/erp/erp/wsgi.py'.
     Traceback (most recent call last):
      File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 187, in __call__
         self.load_middleware()
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/handlers/base.py", line 47, in load_middleware
         mw_class = import_by_path(middleware_path)
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/utils/module_loading.py", line 21, in import_by_path
         module = import_module(module_path)
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/utils/importlib.py", line 40, in import_module
         __import__(name)
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/stronghold/middleware.py", line 2, in <module>
         from stronghold import conf, utils
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/stronghold/conf.py", line 33, in <module>
         url = reverse(named_url)
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/urlresolvers.py", line 509, in reverse
         return iri_to_uri(resolver._reverse_with_prefix(view, prefix, *args, **kwargs))
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/urlresolvers.py", line 387, in _reverse_with_prefix
         possibilities = self.reverse_dict.getlist(lookup_view)
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/urlresolvers.py", line 296, in reverse_dict
         self._populate()
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/urlresolvers.py", line 262, in _populate
         for pattern in reversed(self.url_patterns):
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/urlresolvers.py", line 350, in url_patterns
         raise ImproperlyConfigured("The included urlconf %s doesn't have any patterns in it" % self.urlconf_name)
    ImproperlyConfigured: The included urlconf erp.urls doesn't have any patterns in it
    
    opened by datakid 4
  • Default install results in redirect loop on all pages

    I am using Django 1.7, and the latest stable install of django-blog-zinnia. Once I installed django-stronghold to its default settings via instructions on your readme, I get a redirect loop on all pages and it looks something like this:

    'hxxp://example.com/login/?next=/login/%3Fnext%3D/login/%253Fnext%253D/login/%25253Fnext%25253D/login/%2525253Fnext%2525253D/login/%252525253Fnext%252525253D/login/%25252525253Fnext%25252525253D/login/%2525252525253Fnext%2525252525253D/login/%252525252525253Fnext%2525252525252..................... '

    I am honestly not sure if this is something to do with stronghold but I would really like to be able to use this middleware either way!

    EDIT: Oh my god. I am sorry for even posting this but I think it's because I have my own custom login urls, so stronghold treats it like any other url on my site and hence the loop!

    opened by butstevetho 3
  • Can't make admin public in Django 1.7

    I have a Django 1.7 project where I want to use django admin as usual with its authentication and the rest of the site with my login. No matter what I configure in my settings, "/admin" still redirects to "/accounts/login", and would like it to redirect to django's admin login.

    opened by alexarsh 3
  • Recursive login feedback

    When I enable Stronghold and then visit a page, I get what look like unescaped, recursive errors:

    20/Nov/2013 13:58:32] "GET /inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/accounts/login/%25252525252525252525252525253Fnext%25252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/accounts/login/%25252525252525252525252525253Fnext%25252525252525252525252525253D/accounts/login/%2525252525252525252525252525253Fnext%2525252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/accounts/login/%25252525252525252525252525253Fnext%25252525252525252525252525253D/accounts/login/%2525252525252525252525252525253Fnext%2525252525252525252525252525253D/accounts/login/%252525252525252525252525252525253Fnext%252525252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/accounts/login/%25252525252525252525252525253Fnext%25252525252525252525252525253D/accounts/login/%2525252525252525252525252525253Fnext%2525252525252525252525252525253D/accounts/login/%252525252525252525252525252525253Fnext%252525252525252525252525252525253D/accounts/login/%25252525252525252525252525252525253Fnext%25252525252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/accounts/login/%25252525252525252525252525253Fnext%25252525252525252525252525253D/accounts/login/%2525252525252525252525252525253Fnext%2525252525252525252525252525253D/accounts/login/%252525252525252525252525252525253Fnext%252525252525252525252525252525253D/accounts/login/%25252525252525252525252525252525253Fnext%25252525252525252525252525252525253D/accounts/login/%2525252525252525252525252525252525253Fnext%2525252525252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    
    
    opened by datakid 3
  • docs: Fix a few typos

    There are small typos in:

    • docs/conf.py
    • stronghold/decorators.py

    Fixes:

    • Should read that rather than shat.
    • Should read function rather than fuction.

    Semi-automated pull request generated by https://github.com/timgates42/meticulous/blob/master/docs/NOTE.md

    opened by timgates42 0
  • Bump pygments from 1.6 to 2.7.4

    Bumps pygments from 1.6 to 2.7.4.

    Changelog

    Sourced from pygments's changelog.

    Version 2.7.4

    (released January 12, 2021)

    • Updated lexers:

      • Apache configurations: Improve handling of malformed tags (#1656)

      • CSS: Add support for variables (#1633, #1666)

      • Crystal (#1650, #1670)

      • Coq (#1648)

      • Fortran: Add missing keywords (#1635, #1665)

      • Ini (#1624)

      • JavaScript and variants (#1647 -- missing regex flags, #1651)

      • Markdown (#1623, #1617)

      • Shell

        • Lex trailing whitespace as part of the prompt (#1645)
        • Add missing in keyword (#1652)
      • SQL - Fix keywords (#1668)

      • Typescript: Fix incorrect punctuation handling (#1510, #1511)

    • Fix infinite loop in SML lexer (#1625)

    • Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)

    • Limit recursion with nesting Ruby heredocs (#1638)

    • Fix a few inefficient regexes for guessing lexers

    • Fix the raw token lexer handling of Unicode (#1616)

    • Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!

    • Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)

    • Fix incorrect MATLAB example (#1582)

    Thanks to Google's OSS-Fuzz project for finding many of these bugs.

    Version 2.7.3

    (released December 6, 2020)

    ... (truncated)

    Commits
    • 4d555d0 Bump version to 2.7.4.
    • fc3b05d Update CHANGES.
    • ad21935 Revert "Added dracula theme style (#1636)"
    • e411506 Prepare for 2.7.4 release.
    • 275e34d doc: remove Perl 6 ref
    • 2e7e8c4 Fix several exponential/cubic complexity regexes found by Ben Caller/Doyensec
    • eb39c43 xquery: fix pop from empty stack
    • 2738778 fix coding style in test_analyzer_lexer
    • 02e0f09 Added 'ERROR STOP' to fortran.py keywords. (#1665)
    • c83fe48 support added for css variables (#1633)
    opened by dependabot[bot] 0
  • Bump jinja2 from 2.10.3 to 2.11.3

    Bumps jinja2 from 2.10.3 to 2.11.3.

    Release notes

    Sourced from jinja2's releases.

    2.11.3

    This contains a fix for a speed issue with the urlize filter. urlize is likely to be called on untrusted user input. For certain inputs some of the regular expressions used to parse the text could take a very long time due to backtracking. As part of the fix, the email matching became slightly stricter. The various speedups apply to urlize in general, not just the specific input cases.

    2.11.2

    2.11.1

    This fixes an issue in async environment when indexing the result of an attribute lookup, like {{ data.items[1:] }}.

    2.11.0

    This is the last version to support Python 2.7 and 3.5. The next version will be Jinja 3.0 and will support Python 3.6 and newer.

    Changelog

    Sourced from jinja2's changelog.

    Version 2.11.3

    Released 2021-01-31

    • Improve the speed of the urlize filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. :pr:1343

    Version 2.11.2

    Released 2020-04-13

    • Fix a bug that caused callable objects with __getattr__, like :class:~unittest.mock.Mock to be treated as a :func:contextfunction. :issue:1145
    • Update wordcount filter to trigger :class:Undefined methods by wrapping the input in :func:soft_str. :pr:1160
    • Fix a hang when displaying tracebacks on Python 32-bit. :issue:1162
    • Showing an undefined error for an object that raises AttributeError on access doesn't cause a recursion error. :issue:1177
    • Revert changes to :class:~loaders.PackageLoader from 2.10 which removed the dependency on setuptools and pkg_resources, and added limited support for namespace packages. The changes caused issues when using Pytest. Due to the difficulty in supporting Python 2 and :pep:451 simultaneously, the changes are reverted until 3.0. :pr:1182
    • Fix line numbers in error messages when newlines are stripped. :pr:1178
    • The special namespace() assignment object in templates works in async environments. :issue:1180
    • Fix whitespace being removed before tags in the middle of lines when lstrip_blocks is enabled. :issue:1138
    • :class:~nativetypes.NativeEnvironment doesn't evaluate intermediate strings during rendering. This prevents early evaluation which could change the value of an expression. :issue:1186

    Version 2.11.1

    Released 2020-01-30

    • Fix a bug that prevented looking up a key after an attribute ({{ data.items[1:] }}) in an async template. :issue:1141

    ... (truncated)

    opened by dependabot[bot] 0
  • Password reset not public by default

    URLs for login and logout are public if django.contrib.auth is installed, but not password_reset, password_reset_done, password_reset_confirm nor password_reset_complete. Could you add these? I can make a PR later if you prefer.

    opened by logut 6
Releases(v0.3.2)
Owner
Mike Grouchy
Chief Product Officer @pagecloud, Founder at Pycoders Weekly(acquired), Python Developer.