- compatibility with Python up to 3.10 and Django up to 4.0
- integration with github CI instead of travis
- Migration: "salt" field of model "AuthToken" is removed
- Expiry format now defaults to whatever is used Django REST framework
- The behavior can be overridden via EXPIRY_DATETIME_FORMAT setting
- Fully customizable expiry format via format_expiry_datetime
- Fully customizable response payload via get_post_response_data
- Fix for tox config to build Django 2.2 on python 3.6
BREAKING This is a major release version because it
breaks the existing API.
Changes have been made to the create() method on the AuthToken model.
It now returns the model instance and the raw token instead
of just the token to allow the expiry field to be included in the
success response.
Model field of AuthToken has been renamed from expires to expiry
to remain consistent across the code base. This patch requires you
to run a migration.
Depending on your usage you might have to adjust your code to fit these new changes.
AuthTokenmodel field has been changed fromexpirestoexpiry- Successful login now always returns a
expiryfield for when the token expires
- The user serializer for each
LoginViewis now dynamic
- The context, token TTL and tokens per user settings in
LoginVieware now dynamic
Our release cycle was broken since 3.1.5, hence you can not find the previous releases on pypi. We now fixed the problem.
- Adds optional token limit
- #129, #128 fixed
- Changelog and Readme converted to markdown
- Auth header prefix is now configurable
- We ensure not to have flake8 errors in our code during our build
- MIN_REFRESH_INTERVAL is now a configurable setting
- Ensure compatibility with Django 2.1 up to Python 3.7
-
Breaking changes: Successful authentication ONLY returns
Tokenobject by default now.USER_SERIALIZERmust be overridden to return more data. -
Introduce new setting
MIN_REFRESH_INTERVALto configure the time interval (in seconds) to wait before a token is automatically refreshed.
- Fix !111: Avoid knox failing if settings are not overwritten
- Introduce new setting AUTO_REFRESH for controlling if token expiry time should be extended automatically
- Make AuthTokenAdmin more compatible with big user tables
- Extend docs regarding usage of Token Authentication as single authentication method.
- Fix compatibility with django-rest-swagger (bad inheritance)
- Avoid 500 error response for invalid-length token requests
- restore compatibility with Python <2.7.7
- use hmac.compare_digest instead of == for comparing hashes for more security
- drop Django 1.8 support as djangorestframework did so too in v.3.7.0
- build rest-knox on Django 1.11 and 2.0
- drop using OpenSSL in favor of urandom
- Add context to UserSerializer
- improve docs
- improved docs and readme
- login response better supporting hyperlinked fields
Please be aware: updating to this version requires applying a database migration. All clients will need to reauthenticate.
- Big performance fix: Introduction of token_key field to avoid having to compare a login request's token against each and every token in the database (issue #21)
- increased test coverage
- Bugfix: invalid token length does no longer trigger a server error
- Extending documentation
Please be aware: updating to his version requires applying a database migration
-
Introducing token_key to avoid loop over all tokens on login-requests
-
Signals are sent on login/logout
-
Test for invalid token length
-
Cleanup in code and documentation
-
Bugfix: invalid token length does no longer trigger a server error
-
Extending documentation
- Change to support python 2.7
- Hashing of tokens on the server introduced.
- Updating to this version will clean the AuthToken table. In real terms, this means all users will be forced to log in again.
LoginViewchanged to respectDEFAULT_AUTHENTICATION_CLASSES
- Initial release