drf-restauth 0.1.4

Creator: danarutscher

Description:

drf-auth
Painless token authentication for Django REST framework, built on top of rest_framework.authtoken. It is meant to provide ready-to-use authentication for your SPAs and mobile apps.

Installation
pip install drf-restauth

Homepage
The project homepage is on GitHub.

Usage
INSTALLED_APPS = [
    'rest_framework',
    'rest_framework.authtoken',
    'drf_auth'
]

Configure project urls.py:
Subsequent examples assume you are using "/api/auth/" as the path prefix.
from django.urls import include, path

urlpatterns = [
    path("api/auth/", include("drf_auth.urls"))
]

# settings.py

REST_FRAMEWORK = {
    'DEFAULT_RENDERER_CLASSES': [
        'rest_framework.renderers.JSONRenderer',
    ],
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication'
    ],
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated'
    ]
}

# drf-specific settings for password reset

DRF_AUTH_SETTINGS = {
    "SITE_NAME": "My Site Title",
    "PASSWORD_RESET_REDIRCT_URL": "/",
    "PASSWORD_CHANGE_TEMPLATE": "drf_auth/password_change_form.html",
    # Placeholder values: read the real SMTP credentials from the environment
    # or a secret store instead of committing them to settings.py.
    "EMAIL_HOST_USER": "youremail@gmail.com",
    "EMAIL_HOST_PASSWORD": "yourpassword",
    "EMAIL_HOST": "smtp.gmail.com",
    "EMAIL_PORT": 587,
}

These settings can be ignored if you don't plan to do password reset by email!
Endpoints:

POST /api/auth/register/

body:
{
    "username": "string",
    "password": "string",
    "email": "string",
    "first_name": "string",
    "last_name": "string"
}

response:
{
    "token": "string",
    "user": {
        "username": "string",
        "password": "string",
        "email": "string",
        "first_name": "string",
        "last_name": "string"
    }
}


POST /api/auth/login/

body:
{
    "username": "string",
    "password": "string"
}

response:
{
    "token": "string",
    "user": {
        "username": "string",
        "password": "string",
        "email": "string",
        "first_name": "string",
        "last_name": "string"
    }
}


POST /api/auth/logout/

body: null

response:
{
    "success": true
}


GET /api/auth/user/ (Protected route)

response:
{
    "username": "string",
    "password": "string",
    "email": "string",
    "first_name": "string",
    "last_name": "string"
}


GET /api/auth/users (Protected route, must be admin)

Retrieves an unpaginated JSON array of all users.


/api/auth/update-user/ (Protected route)

body:
{
    "email": "string",
    "first_name": "string",
    "last_name": "string"
}

response:
{
    "username": "string",
    "password": "string",
    "email": "string",
    "first_name": "string",
    "last_name": "string"
}


POST /api/auth/change-password/ (Protected route)

body:
{
    "old_password": "string",
    "new_password": "string"
}

response:
{
    "username": "string",
    "password": "string",
    "email": "string",
    "first_name": "string",
    "last_name": "string"
}


POST /api/auth/reset-password/

For resetting forgotten passwords. An email will be sent using the settings provided in the settings.DRF_AUTH_SETTINGS dictionary.

body:
{
    "email": "string"
}

status: 200 - OK (Email sent)
status: 400 - Email not sent
status: 500 - Internal server error

response:
{
    "message": "string"
}

Handle user email confirmation

This route handles navigations/GET requests when the user clicks the password reset link.
For a complete workflow, provide a template to render in DRF_AUTH_SETTINGS (see above) and make sure that the new password is POSTed to the same route.
The following variables are passed to you in the context for customization:

user
site_name

POST /api/auth/reset_password_confirmation/<uidb64>/<token>/

Note that the token expires 30 minutes after the email is sent.

body:
{
    "password": "string"
}
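
Added example, not drf-restauth's own code: a standard-library sketch of how a server can validate a reset link of the <uidb64>/<token> shape with the 30-minute lifetime stated above. The secret key, the token layout (hex timestamp plus HMAC) and all function names are assumptions for illustration; the package's actual scheme is not shown on this page.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

SECRET_KEY = b"constructed-demo-key"  # assumption: stands in for the server secret
TOKEN_TTL_SECONDS = 30 * 60           # the 30-minute lifetime stated above

def encode_uid(user_id: int) -> str:
    """Build the <uidb64> path segment: unpadded URL-safe base64 of the id."""
    return base64.urlsafe_b64encode(str(user_id).encode()).rstrip(b"=").decode()

def decode_uid(uidb64: str) -> Optional[int]:
    """Reverse encode_uid; return None for anything that is not a valid id."""
    try:
        padded = uidb64 + "=" * (-len(uidb64) % 4)
        return int(base64.urlsafe_b64decode(padded).decode())
    except ValueError:  # covers bad base64, bad UTF-8 and non-numeric ids
        return None

def _mac(user_id: int, password_hash: str, issued_at: int) -> str:
    # Binding the stored password hash invalidates the link once the password changes.
    msg = f"{user_id}:{password_hash}:{issued_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def make_token(user_id: int, password_hash: str, now: Optional[float] = None) -> str:
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at:x}-{_mac(user_id, password_hash, issued_at)}"

def check_token(uidb64: str, token: str, users: dict,
                now: Optional[float] = None) -> Optional[int]:
    """Return the user id when the link is authentic and fresh, else None.

    `users` maps user id -> stored password hash (constructed stand-in for the DB).
    """
    user_id = decode_uid(uidb64)
    if user_id is None or user_id not in users:
        return None
    try:
        ts_hex, mac = token.split("-")
        issued_at = int(ts_hex, 16)
    except ValueError:
        return None
    expected = _mac(user_id, users[user_id], issued_at)
    if not hmac.compare_digest(mac.encode(), expected.encode()):  # constant-time
        return None
    age = (time.time() if now is None else now) - issued_at
    return user_id if 0 <= age <= TOKEN_TTL_SECONDS else None
```

The `now` parameter exists only so the expiry check can be exercised with fixed timestamps.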

Required Headers

Authorization: Token xxxxxxxx (required for protected routes)
Content-Type: application/json
X-Requested-With: XMLHttpRequest (Desirable)

Practical examples using TypeScript
import axios from "axios";


// Add the Authorization and Content-Type headers to every request
axios.interceptors.request.use(function (config) {
    const token = localStorage.getItem("token");

    if (token) {
        config.headers.Authorization = `Token ${token}`;
    }

    config.headers["Content-Type"] = "application/json";
    return config;
});

const handleLogin = async (username: string, password: string) => {
    const body = JSON.stringify({
        username,
        password
    });

    const res = await axios.post("/api/auth/login/", body);
    const { user, token } = res.data;

    // localStorage is readable by any script running on the page; the user
    // object is stored as returned, including its documented "password" field.
    localStorage.setItem("token", token);
    localStorage.setItem("user", JSON.stringify(user));
}

interface User {
    username: string,
    first_name: string,
    last_name: string,
    password: string,
    email: string
}

const handleRegister = async (user: User): Promise<User> => {
    const body = JSON.stringify(user);

    // Register endpoint; the destructured user is renamed so it does not
    // clash with the `user` parameter.
    const res = await axios.post("/api/auth/register/", body);
    const { user: registeredUser, token } = res.data;

    localStorage.setItem("token", token);
    localStorage.setItem("user", JSON.stringify(registeredUser));
    return registeredUser;
}

type LogoutResponse = {
    success: boolean
}

const handleLogout = async (): Promise<LogoutResponse> => {
    const res = await axios.post("/api/auth/logout/", null);
    return res.data;
}

const getLoggedInUser = async (): Promise<User> => {
    const res = await axios.get("/api/auth/user/");
    return res.data;
}

Submit an issue at Github
Feel free to add your voice but be gentle, this is my first open source Django package!

License

For personal and professional use. You cannot resell or redistribute these repositories in their original state.
