pombredanne / django-user-management

This project forked from incuna/django-user-management

User management model mixins and api views.

License: BSD 2-Clause "Simplified" License

django-user-management

User management model mixins and api views.

Custom user model mixins

ActiveUserMixin

user_management.models.mixins.ActiveUserMixin provides a base custom user mixin with a name, email, date_joined, is_staff, and is_active.

VerifyEmailMixin

user_management.models.mixins.VerifyEmailMixin extends ActiveUserMixin to provide functionality to verify the email. It includes an additional email_verification_required field.
By default users are created with is_active = False; a verification email is sent with a link to verify the email and activate the account.

AvatarMixin

user_management.models.mixins.AvatarMixin adds an avatar field. The serializers require django-imagekit.

Avatar views

user_management.api.avatar.views.ProfileAvatar provides an endpoint to retrieve and update the logged in user's avatar.

user_management.api.avatar.views.UserAvatar provides an endpoint to retrieve and update another user's avatar. Only admin users can update other users' data.

Both avatar views provide an endpoint to retrieve a thumbnail of the authenticated user's avatar.

Thumbnail options can be specified as GET parameters. Options are:
    width: Specify the width (in pixels) to resize / crop to.
    height: Specify the height (in pixels) to resize / crop to.
    crop: Whether to crop or not [1,0]
    anchor: Where to anchor the crop [t,r,b,l]
    upscale: Whether to upscale or not [1,0]

If no options are specified, the user's avatar is returned.

To crop avatar to 100x100 anchored to the top right:
    avatar?width=100&height=100&crop=1&anchor=tr

Installation

Install the package

pip install django-user-management

Install with avatar functionality

pip install django-user-management[avatar]

Install with filtering sensitive data out of Sentry

pip install django-user-management[utils]

Create a custom user model

from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin
from user_management.models.mixins import ActiveUserMixin


class User(ActiveUserMixin, PermissionsMixin, AbstractBaseUser):
    pass

If you want to use the VerifyEmailMixin then substitute it for ActiveUserMixin

Make sure your custom user model is added to INSTALLED_APPS and set AUTH_USER_MODEL to your custom user model.

Dependencies

djangorestframework
incuna_mail

The optional AvatarMixin functionality depends on django-imagekit.

To use the api views

Add to your INSTALLED_APPS in settings.py

INSTALLED_APPS = (
    ...
    'user_management.api',
    ...
)

Set your DEFAULT_AUTHENTICATION_CLASSES, for example:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ),
}

Add the urls to your ROOT_URLCONF

urlpatterns = patterns('',
    ...
    url('', include('user_management.api.urls', namespace='user_management_api')),
    ...
)

If you are using the VerifyEmailMixin then also include user_management.api.urls.verify_email

urlpatterns = patterns('',
    ...
    url('', include('user_management.api.urls.verify_email')),
    ...
)

If you are using the AvatarMixin then also include user_management.api.avatar.urls.avatar

urlpatterns = patterns('',
    ...
    url('', include('user_management.api.avatar.urls.avatar')),
    ...
)

If you need more fine-grained control you can replace user_management.api.urls with a selection from

urlpatterns = patterns('',
    ...
    url('', include('user_management.api.urls.auth')),
    url('', include('user_management.api.urls.password_reset')),
    url('', include('user_management.api.urls.profile')),
    url('', include('user_management.api.urls.register')),
    ...
)

Throttling protection

The /auth/ and /auth/password_reset/ URLs are rate-limited using the built-in DRF throttle module.

The default throttle rates are:

'logins': '10/hour'
'passwords': '3/hour'

You can customise the throttling rates by setting REST_FRAMEWORK['DEFAULT_THROTTLE_RATES'] in your settings.py:

REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_RATES': {
        'logins': '100/day',
        'passwords': '100/day',
    },
}

Filtering sensitive data

A custom Sentry client class is available to prevent sensitive data from being logged by the Sentry client.

Activate it in the settings.py by adding:

SENTRY_CLIENT = 'user_management.utils.sentry.SensitiveDjangoClient'

Expiry of Auth tokens

By default, DRF offers neither expiration of authorization tokens nor any form of validation for expired tokens.

django-user-management provides this functionality, and it can be easily activated.

Override the authentication class for DRF in settings.py:

REST_FRAMEWORK = {
    ...
    'DEFAULT_AUTHENTICATION_CLASSES': ('user_management.api.authentication.TokenAuthentication',),
    ...
}

Remember to run the management command (eg via cronjob) to clear expired tokens:

python manage.py remove_expired_tokens

Token expiry times

You can set custom expiry time for the auth tokens.

Add below constants in the settings.py:

AUTH_TOKEN_MAX_AGE = <milliseconds_value> (default: 200 days)
AUTH_TOKEN_MAX_INACTIVITY = <milliseconds_value> (default: 12 hours)
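
How an absolute maximum age and an inactivity limit combine, and what a periodic cleanup removes, shown as an added example in plain Python. It is not the project's own code: the Token class, the function names and the sample tokens are hypothetical, and only the two setting names and their default durations come from this README.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Defaults taken from the README; the settings are expressed in milliseconds.
AUTH_TOKEN_MAX_AGE = timedelta(days=200) // timedelta(milliseconds=1)
AUTH_TOKEN_MAX_INACTIVITY = timedelta(hours=12) // timedelta(milliseconds=1)


@dataclass
class Token:  # hypothetical stand-in for a stored auth token row
    key: str
    created: datetime
    last_used: datetime


def expiry_reason(token, now, max_age_ms=AUTH_TOKEN_MAX_AGE,
                  max_inactivity_ms=AUTH_TOKEN_MAX_INACTIVITY):
    """Return None if the token is still valid, else which limit it exceeded."""
    if now - token.created >= timedelta(milliseconds=max_age_ms):
        return "max_age"  # absolute lifetime: activity never extends it
    if now - token.last_used >= timedelta(milliseconds=max_inactivity_ms):
        return "max_inactivity"
    return None


def authenticate(store, key, now):
    """Accept only unexpired tokens; a successful use resets the idle timer."""
    token = store.get(key)
    if token is None or expiry_reason(token, now) is not None:
        return False
    token.last_used = now
    return True


def remove_expired(store, now):
    """Periodic cleanup: delete expired tokens and return their keys."""
    expired = sorted(k for k, t in store.items() if expiry_reason(t, now))
    for k in expired:
        del store[k]
    return expired


def demo():
    now = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)  # constructed sample data
    store = {
        "fresh": Token("fresh", now - timedelta(days=3), now - timedelta(hours=1)),
        "idle": Token("idle", now - timedelta(days=3), now - timedelta(hours=13)),
        "old": Token("old", now - timedelta(days=201), now - timedelta(minutes=5)),
    }
    results = {k: authenticate(store, k, now) for k in list(store)}
    return results, remove_expired(store, now)
```

The "old" token is rejected even though it was used five minutes earlier, which is the point of keeping a maximum age alongside the inactivity limit.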

Contributors

adam-thomas, kevinetienne, lilyfoote, lowks, mattack108, maxpeterson, meshy, nologo, semvertsar
